Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0834
Vulnerability from certfr_avis - Published: 2026-07-03 - Updated: 2026-07-03
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 9.x antérieures à 9.0.5.29 | ||
| IBM | Db2 | Db2 Genius Hub versions antérieures à 1.1.3 | ||
| IBM | Db2 | Db2 Big SQL on IBM Software Hub versions antérieures à 5.4 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.x antérieures à 9.0.5.29 | ||
| IBM | N/A | SOAR QRadar Plugin App versions antérieures à 5.6.5 | ||
| IBM | WebSphere | WebSphere Remote Server versions 8.5.x antérieures à 8.5.5.31 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.x antérieures à 8.5.5.31 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 26.0.0.8 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Genius Hub versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on IBM Software Hub versions ant\u00e9rieures \u00e0 5.4",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.31",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.x ant\u00e9rieures \u00e0 8.5.5.31",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 26.0.0.8",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-50645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50645"
},
{
"name": "CVE-2026-11383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
},
{
"name": "CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"name": "CVE-2025-14688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14688"
},
{
"name": "CVE-2026-9171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9171"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2026-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1577"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2026-9072",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9072"
},
{
"name": "CVE-2026-24737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24737"
},
{
"name": "CVE-2026-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8858"
},
{
"name": "CVE-2026-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7246"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2026-11541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2026-11707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
},
{
"name": "CVE-2026-11546",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11546"
},
{
"name": "CVE-2026-42036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2026-11594",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2026-24043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24043"
},
{
"name": "CVE-2025-13755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13755"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6051"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-11536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2026-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-9320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
},
{
"name": "CVE-2026-6053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6053"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-29869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29869"
},
{
"name": "CVE-2026-42040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
},
{
"name": "CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"name": "CVE-2026-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6052"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2026-24133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24133"
},
{
"name": "CVE-2026-10845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
},
{
"name": "CVE-2026-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2327"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3676"
},
{
"name": "CVE-2026-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1352"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-36122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36122"
},
{
"name": "CVE-2026-25940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25940"
},
{
"name": "CVE-2026-24040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24040"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11708"
},
{
"name": "CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"name": "CVE-2026-25755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25755"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"name": "CVE-2026-11595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11595"
},
{
"name": "CVE-2026-11714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11714"
},
{
"name": "CVE-2026-25535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25535"
},
{
"name": "CVE-2026-42034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
},
{
"name": "CVE-2026-9322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9322"
},
{
"name": "CVE-2026-31938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31938"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-6938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6938"
},
{
"name": "CVE-2026-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11712"
},
{
"name": "CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"name": "CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"name": "CVE-2026-13772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13772"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-42037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
},
{
"name": "CVE-2026-42042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
},
{
"name": "CVE-2026-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
},
{
"name": "CVE-2026-9006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
},
{
"name": "CVE-2026-31898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31898"
},
{
"name": "CVE-2026-24001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2026-10852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10852"
},
{
"name": "CVE-2026-27212",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27212"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"name": "CVE-2026-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
}
],
"initial_release_date": "2026-07-03T00:00:00",
"last_revision_date": "2026-07-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0834",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278360",
"url": "https://www.ibm.com/support/pages/node/7278360"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279004",
"url": "https://www.ibm.com/support/pages/node/7279004"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278998",
"url": "https://www.ibm.com/support/pages/node/7278998"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278996",
"url": "https://www.ibm.com/support/pages/node/7278996"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278993",
"url": "https://www.ibm.com/support/pages/node/7278993"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279001",
"url": "https://www.ibm.com/support/pages/node/7279001"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278935",
"url": "https://www.ibm.com/support/pages/node/7278935"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278590",
"url": "https://www.ibm.com/support/pages/node/7278590"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278148",
"url": "https://www.ibm.com/support/pages/node/7278148"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279002",
"url": "https://www.ibm.com/support/pages/node/7279002"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278995",
"url": "https://www.ibm.com/support/pages/node/7278995"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278997",
"url": "https://www.ibm.com/support/pages/node/7278997"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278990",
"url": "https://www.ibm.com/support/pages/node/7278990"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278358",
"url": "https://www.ibm.com/support/pages/node/7278358"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278989",
"url": "https://www.ibm.com/support/pages/node/7278989"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278576",
"url": "https://www.ibm.com/support/pages/node/7278576"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278572",
"url": "https://www.ibm.com/support/pages/node/7278572"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278580",
"url": "https://www.ibm.com/support/pages/node/7278580"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278398",
"url": "https://www.ibm.com/support/pages/node/7278398"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278359",
"url": "https://www.ibm.com/support/pages/node/7278359"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279003",
"url": "https://www.ibm.com/support/pages/node/7279003"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
"url": "https://www.ibm.com/support/pages/node/7278103"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278593",
"url": "https://www.ibm.com/support/pages/node/7278593"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278399",
"url": "https://www.ibm.com/support/pages/node/7278399"
}
]
}
CVE-2024-25260 (GCVE-0-2024-25260)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2025-04-24 15:07
VLAI?
EPSS
Summary
elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
Severity ?
4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:elfutils_project:elfutils:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elfutils",
"vendor": "elfutils_project",
"versions": [
{
"status": "affected",
"version": "v0.189"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25260",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:03:37.212098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:07:14.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:08.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=31058"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/schsiung/fuzzer_issues/issues/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/elfutils/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T17:23:39.164Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=31058"
},
{
"url": "https://github.com/schsiung/fuzzer_issues/issues/1"
},
{
"url": "https://sourceware.org/elfutils/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25260",
"datePublished": "2024-02-20T00:00:00.000Z",
"dateReserved": "2024-02-07T00:00:00.000Z",
"dateUpdated": "2025-04-24T15:07:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-27212 (GCVE-0-2026-27212)
Vulnerability from cvelistv5 – Published: 2026-02-21 05:43 – Updated: 2026-02-24 18:53
VLAI?
EPSS
Title
Swiper has a Prototype Pollution Vulnerability
Summary
Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user provided input contain forbidden strings. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. The exploit works across Windows and Linux and on Node and Bun runtimes. Any application that processes attacker-controlled input using this package may be affected by the following: Authentication Bypass, Denial of Service and RCE. This issue is fixed in version 12.1.2.
Severity ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nolimits4web | swiper |
Affected:
>= 6.5.1, < 12.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27212",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:52:46.035771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:53:04.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "swiper",
"vendor": "nolimits4web",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.5.1, \u003c 12.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user provided input contain forbidden strings. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. The exploit works across Windows and Linux and on Node and Bun runtimes. Any application that processes attacker-controlled input using this package may be affected by the following: Authentication Bypass, Denial of Service and RCE. This issue is fixed in version 12.1.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-21T05:43:07.072Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nolimits4web/swiper/security/advisories/GHSA-hmx5-qpq5-p643",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nolimits4web/swiper/security/advisories/GHSA-hmx5-qpq5-p643"
},
{
"name": "https://github.com/nolimits4web/swiper/commit/d3e663322a13043ca63aaba235d8cf3900e0c8cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nolimits4web/swiper/commit/d3e663322a13043ca63aaba235d8cf3900e0c8cf"
},
{
"name": "https://github.com/nolimits4web/swiper/releases/tag/v12.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nolimits4web/swiper/releases/tag/v12.1.2"
}
],
"source": {
"advisory": "GHSA-hmx5-qpq5-p643",
"discovery": "UNKNOWN"
},
"title": "Swiper has a Prototype Pollution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27212",
"datePublished": "2026-02-21T05:43:07.072Z",
"dateReserved": "2026-02-18T19:47:02.156Z",
"dateUpdated": "2026-02-24T18:53:04.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64718 (GCVE-0-2025-64718)
Vulnerability from cvelistv5 – Published: 2025-11-13 15:32 – Updated: 2026-01-29 22:08
VLAI?
EPSS
Title
js-yaml has prototype pollution in merge (<<)
Summary
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
Severity ?
5.3 (Medium)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:18:01.997938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:18:39.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-21T14:38:16.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "js-yaml",
"vendor": "nodeca",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.1"
},
{
"status": "affected",
"version": "\u003c 3.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T22:08:30.431Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
},
{
"name": "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876"
},
{
"name": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
},
{
"name": "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"
}
],
"source": {
"advisory": "GHSA-mh29-5h37-fv8m",
"discovery": "UNKNOWN"
},
"title": "js-yaml has prototype pollution in merge (\u003c\u003c)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64718",
"datePublished": "2025-11-13T15:32:44.634Z",
"dateReserved": "2025-11-10T14:07:42.922Z",
"dateUpdated": "2026-01-29T22:08:30.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42044 (GCVE-0-2026-42044)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:49 – Updated: 2026-07-03 12:04
VLAI?
EPSS
Title
Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
Summary
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses — including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42044",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T18:11:49.647774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:12:13.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.12::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.12.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Migration Toolkit 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2.9::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 2.9.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-24T17:49:49.517Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:04:49.241Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"name": "RHBZ#2461624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42044.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24473"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25273"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20454"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26232"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24536"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25271"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19109"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:24473: Network Observability (NETOBSERV) 1.12.0"
},
{
"lang": "en",
"value": "RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:20338: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25041: Red Hat Migration Toolkit 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:20454: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26232: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26225: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:24471: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:34608: Streams for Apache Kafka 2.9.4"
},
{
"lang": "en",
"value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:25271: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:17657: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17699: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T19:01:13.418Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-24T17:49:49.517Z",
"value": "Made public."
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution in the application\u0027s dependency tree to be escalated into surgical, invisible modification of all JSON API responses \u2014 including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:50:26.586Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"source": {
"advisory": "GHSA-3w6x-2g7m-8v23",
"discovery": "UNKNOWN"
},
"title": "Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42044",
"datePublished": "2026-04-24T17:49:49.517Z",
"dateReserved": "2026-04-23T16:05:01.709Z",
"dateUpdated": "2026-07-03T12:04:49.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-24056 (GCVE-0-2023-24056)
Vulnerability from cvelistv5 – Published: 2023-01-22 00:00 – Updated: 2025-04-02 15:45
VLAI?
EPSS
Summary
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:09.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nullprogram.com/blog/2023/01/18/"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pkgconf/pkgconf/tags"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:42:36.457176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:45:00.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://nullprogram.com/blog/2023/01/18/"
},
{
"url": "https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059"
},
{
"url": "https://github.com/pkgconf/pkgconf/tags"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24056",
"datePublished": "2023-01-22T00:00:00.000Z",
"dateReserved": "2023-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-02T15:45:00.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-42035 (GCVE-0-2026-42035)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:38 – Updated: 2026-04-25 03:55
VLAI?
EPSS
Title
Axios: Header Injection via Prototype Pollution
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself — any prototype pollution primitive in any dependency in the application's dependency tree is sufficient to trigger this gadget. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
7.4 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42035",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T03:55:59.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself \u2014 any prototype pollution primitive in any dependency in the application\u0027s dependency tree is sufficient to trigger this gadget. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:38:07.752Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"source": {
"advisory": "GHSA-6chq-wfr3-2hj9",
"discovery": "UNKNOWN"
},
"title": "Axios: Header Injection via Prototype Pollution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42035",
"datePublished": "2026-04-24T17:38:07.752Z",
"dateReserved": "2026-04-23T16:05:01.708Z",
"dateUpdated": "2026-04-25T03:55:59.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42043 (GCVE-0-2026-42043)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:54 – Updated: 2026-07-01 12:04
VLAI?
EPSS
Title
Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
7.2 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42043",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:47:20.443878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:47:24.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8.6.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Migration Toolkit 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-24T17:54:42.668Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:57.148Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"name": "RHBZ#2461626",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42043.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25273"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22619"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26232"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24536"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25271"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19109"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:22619: Red Hat Data Grid 8.6.1"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:14937: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25041: Red Hat Migration Toolkit 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26232: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26225: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:25271: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:17657: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17699: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T19:01:22.552Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-24T17:54:42.668Z",
"value": "Made public."
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-183",
"description": "CWE-183: Permissive List of Allowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:54:42.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"source": {
"advisory": "GHSA-pmwg-cvhr-8vh7",
"discovery": "UNKNOWN"
},
"title": "Axios: Incomplete Fix for CVE-2025-62718 \u2014 NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42043",
"datePublished": "2026-04-24T17:54:42.668Z",
"dateReserved": "2026-04-23T16:05:01.709Z",
"dateUpdated": "2026-07-01T12:04:57.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1377 (GCVE-0-2025-1377)
Vulnerability from cvelistv5 – Published: 2025-02-17 05:00 – Updated: 2025-02-18 15:30
VLAI?
EPSS
Title
GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service
Summary
A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
wenjusun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:30:11.101563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:30:48.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"eu-strip"
],
"product": "elfutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.192"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in GNU elfutils 0.192 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion gelf_getsymshndx der Datei strip.c der Komponente eu-strip. Durch Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als fbf1df9ca286de3323ae541973b08449f8d03aba bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T05:00:19.288Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295985 | GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295985"
},
{
"name": "VDB-295985 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295985"
},
{
"name": "Submit #497539 | GNU elfutils/eu-strip 0.192 illegal read access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.497539"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32673"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15941"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-16T21:00:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1377",
"datePublished": "2025-02-17T05:00:19.288Z",
"dateReserved": "2025-02-16T19:55:12.872Z",
"dateUpdated": "2025-02-18T15:30:48.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-8646 (GCVE-0-2026-8646)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:44 – Updated: 2026-06-24 03:56
VLAI?
EPSS
Title
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
Summary
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.
Severity ?
7.4 (High)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0.0 , ≤ 7.0.2 Interim Fix 035
(semver)
Affected: 8.5.0 , ≤ 7.0.3 Interim Fix 017 (semver) cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T03:56:09.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.6",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:44:42.460Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276579"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71631 and PH71370. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6 using the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0, servlet-6.1, websocket-1.0, websocket-1.1, websocket-2.0, websocket-2.1, or websocket-2.2 feature:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276381\" rel=\"nofollow\"\u003ePH71631\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\u003c/p\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276399\" rel=\"nofollow\"\u003ePH71370\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276399\" rel=\"nofollow\"\u003ePH71370\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71631 and PH71370. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to\u00a0 How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\n\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6 using the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0, servlet-6.1, websocket-1.0, websocket-1.1, websocket-2.0, websocket-2.1, or websocket-2.2 feature:\n\n\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71631 https://www.ibm.com/support/pages/node/7276381 \n--OR--\n\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\n\n\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71370 https://www.ibm.com/support/pages/node/7276399 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix that resolves PH71370 https://www.ibm.com/support/pages/node/7276399 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-8646",
"datePublished": "2026-06-22T14:44:42.460Z",
"dateReserved": "2026-05-14T20:38:35.335Z",
"dateUpdated": "2026-06-24T03:56:09.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24001 (GCVE-0-2026-24001)
Vulnerability from cvelistv5 – Published: 2026-01-22 02:23 – Updated: 2026-06-30 12:06
VLAI?
EPSS
Title
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
Summary
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its "leading garbage"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\r`, `\u2028`, or `\u2029`.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T12:57:00.484983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T16:03:16.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-22T02:23:44.059Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsdiff. A specially crafted patch input containing specific line break characters can cause the parsePatch method to enter an infinite loop, leading to uncontrolled memory consumption and a process crash, resulting in a denial of service. The applyPatch method is similarly affected when called with a string representation of a patch as an argument. Additionally, a related vulnerability allows a Regular Expression Denial of Service (ReDoS) when these characters are present in a patch filename header, significantly increasing parsing time."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:40.872Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-24001"
},
{
"name": "RHBZ#2431930",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431930"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24001.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-22T03:01:21.135Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-22T02:23:44.059Z",
"value": "Made public."
}
],
"title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this flaw, applications parsing user-supplied patch data should implement input validation to detect and reject input containing line break characters, such as \\r, \\u2028, or \\u2029 before passing the input to the parsePatch and the applyPatch methods, preventing the library from entering an infinite loop and consuming excessive memory."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsdiff",
"vendor": "kpdecker",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 8.0.3"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.2.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4"
},
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch\u0027s *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*\u00b3) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T17:16:10.830Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx"
},
{
"name": "https://github.com/kpdecker/jsdiff/issues/653",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kpdecker/jsdiff/issues/653"
},
{
"name": "https://github.com/kpdecker/jsdiff/pull/649",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kpdecker/jsdiff/pull/649"
},
{
"name": "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5"
}
],
"source": {
"advisory": "GHSA-73rr-hh4g-fpgx",
"discovery": "UNKNOWN"
},
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24001",
"datePublished": "2026-01-22T02:23:44.059Z",
"dateReserved": "2026-01-19T18:49:20.658Z",
"dateUpdated": "2026-06-30T12:06:40.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32141 (GCVE-0-2026-32141)
Vulnerability from cvelistv5 – Published: 2026-03-12 18:08 – Updated: 2026-07-02 12:05
VLAI?
EPSS
Title
flatted: Unbounded recursion DoS in parse() revive phase
Summary
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.
Severity ?
7.5 (High)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebReflection | flatted |
Affected:
< 3.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32141",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T16:20:15.479714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T16:20:19.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-12T18:08:09.634Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw has been discovered in the flatted npm library. flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:19.661Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"name": "RHBZ#2447083",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32141.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T19:01:30.987Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-12T18:08:09.634Z",
"value": "Made public."
}
],
"title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "flatted",
"vendor": "WebReflection",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "flatted is a circular JSON parser. Prior to 3.4.0, flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T18:08:09.634Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
},
{
"name": "https://github.com/WebReflection/flatted/pull/88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebReflection/flatted/pull/88"
},
{
"name": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"
}
],
"source": {
"advisory": "GHSA-25h7-pfq9-p65f",
"discovery": "UNKNOWN"
},
"title": "flatted: Unbounded recursion DoS in parse() revive phase"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32141",
"datePublished": "2026-03-12T18:08:09.634Z",
"dateReserved": "2026-03-10T22:19:36.546Z",
"dateUpdated": "2026-07-02T12:05:19.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68161 (GCVE-0-2025-68161)
Vulnerability from cvelistv5 – Published: 2025-12-18 20:47 – Updated: 2026-04-10 16:18
VLAI?
EPSS
Title
Apache Log4j Core: Missing TLS hostname verification in Socket appender
Summary
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.
This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:
* The attacker is able to intercept or redirect network traffic between the client and the log receiver.
* The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).
Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.
As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.
Severity ?
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j Core |
Affected:
2.0-beta9 , < 2.25.3
(maven)
Affected: 3.0.0-alpha1 , ≤ 3.0.0-beta3 (maven) cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* |
Credits
Samuli Leinonen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:34:24.735166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:46:19.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-20T00:13:44.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/18/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"cpes": [
"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"packageName": "org.apache.logging.log4j:log4j-core",
"packageURL": "pkg:maven/org.apache.logging.log4j/log4j-core",
"product": "Apache Log4j Core",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.25.3",
"status": "affected",
"version": "2.0-beta9",
"versionType": "maven"
},
{
"lessThanOrEqual": "3.0.0-beta3",
"status": "affected",
"version": "3.0.0-alpha1",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Samuli Leinonen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Socket Appender in Apache Log4j Core versions \u003ccode\u003e2.0-beta9\u003c/code\u003e through \u003ccode\u003e2.25.2\u003c/code\u003e does not perform TLS hostname verification of the peer certificate, even when the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName\"\u003everifyHostName\u003c/a\u003e configuration attribute or the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName\"\u003elog4j2.sslVerifyHostName\u003c/a\u003e system property is set to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe attacker is able to intercept or redirect network traffic between the client and the log receiver.\u003c/li\u003e\u003cli\u003eThe attacker can present a server certificate issued by a certification authority trusted by the Socket Appender\u2019s configured \u003cstrong\u003etrust store\u003c/strong\u003e (or by the default Java trust store if no custom trust store is configured).\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eUsers are advised to upgrade to Apache Log4j Core version \u003ccode\u003e2.25.3\u003c/code\u003e, which addresses this issue.\u003c/p\u003e\u003cp\u003eAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.\u003c/p\u003e"
}
],
"value": "The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.\n\nThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\n\n * The attacker is able to intercept or redirect network traffic between the client and the log receiver.\n * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender\u2019s configured trust store (or by the default Java trust store if no custom trust store is configured).\n\n\nUsers are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.\n\nAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T16:18:50.424Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/logging-log4j2/pull/4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://logging.apache.org/security.html#CVE-2025-68161"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"tags": [
"related"
],
"url": "https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName"
},
{
"tags": [
"related"
],
"url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Log4j Core: Missing TLS hostname verification in Socket appender",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-68161",
"datePublished": "2025-12-18T20:47:49.123Z",
"dateReserved": "2025-12-16T11:30:53.875Z",
"dateUpdated": "2026-04-10T16:18:50.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42041 (GCVE-0-2026-42041)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:55 – Updated: 2026-07-01 12:04
VLAI?
EPSS
Title
Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be treated as successful responses. This completely bypasses application-level authentication and error handling. The root cause is that validateStatus is the only config property using the mergeDirectKeys merge strategy, which uses JavaScript's in operator — an operator that inherently traverses the prototype chain. When Object.prototype.validateStatus is polluted with () => true, all HTTP status codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
4.8 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42041",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T18:29:47.107016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:32:58.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8.6.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Migration Toolkit 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-24T17:55:30.036Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:57.447Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"name": "RHBZ#2461629",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42041.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25273"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22619"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26232"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24536"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25271"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19109"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:22619: Red Hat Data Grid 8.6.1"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:14937: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25041: Red Hat Migration Toolkit 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26232: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26225: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:25271: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:17657: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17699: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T19:01:41.034Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-24T17:55:30.036Z",
"value": "Made public."
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be treated as successful responses. This completely bypasses application-level authentication and error handling. The root cause is that validateStatus is the only config property using the mergeDirectKeys merge strategy, which uses JavaScript\u0027s in operator \u2014 an operator that inherently traverses the prototype chain. When Object.prototype.validateStatus is polluted with () =\u003e true, all HTTP status codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:55:30.036Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"source": {
"advisory": "GHSA-w9j2-pvgh-6h63",
"discovery": "UNKNOWN"
},
"title": "Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42041",
"datePublished": "2026-04-24T17:55:30.036Z",
"dateReserved": "2026-04-23T16:05:01.709Z",
"dateUpdated": "2026-07-01T12:04:57.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27903 (GCVE-0-2026-27903)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:06 – Updated: 2026-02-26 19:20
VLAI?
EPSS
Title
minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
Summary
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.
Severity ?
7.5 (High)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27903",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:20:40.009551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:20:51.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "minimatch",
"vendor": "isaacs",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.2.3"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.0.7"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.6"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.4.8"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.2.2"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.8"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.2.5"
},
{
"status": "affected",
"version": "\u003c 3.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:06:32.856Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj"
}
],
"source": {
"advisory": "GHSA-7r86-cg39-jmmj",
"discovery": "UNKNOWN"
},
"title": "minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27903",
"datePublished": "2026-02-26T01:06:32.856Z",
"dateReserved": "2026-02-24T15:19:29.718Z",
"dateUpdated": "2026-02-26T19:20:51.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11595 (GCVE-0-2026-11595)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:50 – Updated: 2026-07-01 12:55
VLAI?
EPSS
Title
IBM WebSphere Application Server is affected by a Path Traversal vulnerability
Summary
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0
Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T12:55:46.828836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:55:55.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console\u0027s integrated help system.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console\u0027s integrated help system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:50:22.059Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71756.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278563\" rel=\"nofollow\"\u003ePH71756\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.30:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278563\" rel=\"nofollow\"\u003ePH71756\u003c/a\u003e\u00a0and\u00a0\u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u00a0\u003c/strong\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026) and\u003cstrong\u003e carefully follow the instructions in \u003c/strong\u003ePH71756\u003cstrong\u003e for steps required after fixpack installation.\u003c/strong\u003e\u00a0.\u00a0\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71756.\n\n\n\nAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71756 https://www.ibm.com/support/pages/node/7278563 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026)\n\n\n\nFor V8.5.0.0 through 8.5.5.30:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71756 https://www.ibm.com/support/pages/node/7278563 \u00a0and\u00a0carefully follow the instructions for steps required after fix installation.\u00a0\n--OR--\n\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026) and carefully follow the instructions in PH71756 for steps required after fixpack installation.\u00a0.\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by a Path Traversal vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11595",
"datePublished": "2026-06-30T19:50:22.059Z",
"dateReserved": "2026-06-08T14:16:44.778Z",
"dateUpdated": "2026-07-01T12:55:55.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33671 (GCVE-0-2026-33671)
Vulnerability from cvelistv5 – Published: 2026-03-26 21:20 – Updated: 2026-03-27 20:00
VLAI?
EPSS
Title
Picomatch has a ReDoS vulnerability via extglob quantifiers
Summary
Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.
Severity ?
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| micromatch | picomatch |
Affected:
>= 4.0.0, < 4.0.4
Affected: >= 3.0.0, < 3.0.2 Affected: < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T14:12:26.127766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:00:45.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "picomatch",
"vendor": "micromatch",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.2"
},
{
"status": "affected",
"version": "\u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T21:20:48.191Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj"
},
{
"name": "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"
}
],
"source": {
"advisory": "GHSA-c2c7-rcm5-vvqj",
"discovery": "UNKNOWN"
},
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33671",
"datePublished": "2026-03-26T21:20:48.191Z",
"dateReserved": "2026-03-23T16:34:59.930Z",
"dateUpdated": "2026-03-27T20:00:45.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12086 (GCVE-0-2024-12086)
Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2026-06-29 23:43
VLAI?
EPSS
Title
Rsync: rsync server leaks arbitrary client files
Summary
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
Severity ?
6.1 (Medium)
CWE
- CWE-390 - Detection of Error Condition Without Action
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , ≤ 3.3.0
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:14:25.165183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:20:53.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:14.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.4.1-2.el10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-7.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-7.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782166952",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T23:43:41.776Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBA-2025:6470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"name": "RHSA-2026:19368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"name": "RHSA-2026:20603",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"name": "RHSA-2026:29197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"name": "RHBZ#2330577",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00.000Z",
"value": "Made public."
}
],
"title": "Rsync: rsync server leaks arbitrary client files",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12086",
"datePublished": "2025-01-14T17:37:54.960Z",
"dateReserved": "2024-12-03T08:57:58.397Z",
"dateUpdated": "2026-06-29T23:43:41.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42040 (GCVE-0-2026-42040)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:40 – Updated: 2026-04-27 13:48
VLAI?
EPSS
Title
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly produces the safe sequence %00, the charMap entry '%00': '\x00' converts it back to a raw null byte. Primary impact is limited because the standard axios request flow is not affected. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42040",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:48:02.943460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:48:06.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent(\u0027\\x00\u0027) correctly produces the safe sequence %00, the charMap entry \u0027%00\u0027: \u0027\\x00\u0027 converts it back to a raw null byte. Primary impact is limited because the standard axios request flow is not affected. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-626",
"description": "CWE-626: Null Byte Interaction Error (Poison Null Byte)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:40:31.125Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw"
}
],
"source": {
"advisory": "GHSA-xhjh-pmcv-23jw",
"discovery": "UNKNOWN"
},
"title": "Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42040",
"datePublished": "2026-04-24T17:40:31.125Z",
"dateReserved": "2026-04-23T16:05:01.709Z",
"dateUpdated": "2026-04-27T13:48:06.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8858 (GCVE-0-2026-8858)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:16 – Updated: 2026-06-24 16:52
VLAI?
EPSS
Title
WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]
Summary
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
Severity ?
7.5 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | i |
Affected:
7.6.0 , ≤ 1.8.4
(semver)
Affected: 7.5.0 (semver) Affected: 7.4.0 (semver) Affected: 7.3.0 (semver) cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T03:56:00.365269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T18:48:11.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T16:52:06.127Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277344"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now.\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eIBM i Release\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e5770-SS1 Option 3\u003cbr\u003ePTF Number(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePTF Download Link(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e7.6\u003c/td\u003e\u003ctd\u003eSJ10122\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.5\u003c/td\u003e\u003ctd\u003eSJ10121\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.4\u003c/td\u003e\u003ctd\u003eSJ10120\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.3\u003c/td\u003e\u003ctd\u003eSJ10119\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now.\n\nIBM i Release5770-SS1 Option 3\nPTF Number(s)PTF Download Link(s)7.6SJ10122 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122 7.5SJ10121 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121 7.4SJ10120 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120 7.3SJ10119 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119 \n\n\n\nIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-8858",
"datePublished": "2026-06-22T14:16:39.629Z",
"dateReserved": "2026-05-18T18:06:05.131Z",
"dateUpdated": "2026-06-24T16:52:06.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2391 (GCVE-0-2026-2391)
Vulnerability from cvelistv5 – Published: 2026-02-12 04:39 – Updated: 2026-02-12 17:32
VLAI?
EPSS
Title
qs's arrayLimit bypass in comma parsing allows denial of service
Summary
### Summary
The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).
### Details
When the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.
**Vulnerable code** (lib/parse.js: lines ~40-50):
```js
if (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {
return val.split(',');
}
if (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {
throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
}
return val;
```
The `split(',')` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).
### PoC
**Test 1 - Basic bypass:**
```
npm install qs
```
```js
const qs = require('qs');
const payload = 'a=' + ','.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)
const options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };
try {
const result = qs.parse(payload, options);
console.log(result.a.length); // Outputs: 26 (bypass successful)
} catch (e) {
console.log('Limit enforced:', e.message); // Not thrown
}
```
**Configuration:**
- `comma: true`
- `arrayLimit: 5`
- `throwOnLimitExceeded: true`
Expected: Throws "Array limit exceeded" error.
Actual: Parses successfully, creating an array of length 26.
### Impact
Denial of Service (DoS) via memory exhaustion.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2391",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T15:00:21.359233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T15:00:40.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://npmjs.com/qs",
"defaultStatus": "unaffected",
"packageName": "qs",
"repo": "https://github.com/ljharb/qs",
"versions": [
{
"lessThanOrEqual": "6.14.1",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "### Summary\u003cbr\u003eThe `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).\u003cbr\u003e\u003cbr\u003e### Details\u003cbr\u003eWhen the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `[\u0027a\u0027, \u0027b\u0027, \u0027c\u0027]`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.\u003cbr\u003e\u003cbr\u003e**Vulnerable code** (lib/parse.js: lines ~40-50):\u003cbr\u003e```js\u003cbr\u003eif (val \u0026amp;\u0026amp; typeof val === \u0027string\u0027 \u0026amp;\u0026amp; options.comma \u0026amp;\u0026amp; val.indexOf(\u0027,\u0027) \u0026gt; -1) {\u003cbr\u003e\u0026nbsp; \u0026nbsp; return val.split(\u0027,\u0027);\u003cbr\u003e}\u003cbr\u003e\u003cbr\u003eif (options.throwOnLimitExceeded \u0026amp;\u0026amp; currentArrayLength \u0026gt;= options.arrayLimit) {\u003cbr\u003e\u0026nbsp; \u0026nbsp; throw new RangeError(\u0027Array limit exceeded. Only \u0027 + options.arrayLimit + \u0027 element\u0027 + (options.arrayLimit === 1 ? \u0027\u0027 : \u0027s\u0027) + \u0027 allowed in an array.\u0027);\u003cbr\u003e}\u003cbr\u003e\u003cbr\u003ereturn val;\u003cbr\u003e```\u003cbr\u003eThe `split(\u0027,\u0027)` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).\u003cbr\u003e\u003cbr\u003e### PoC\u003cbr\u003e**Test 1 - Basic bypass:**\u003cbr\u003e```\u003cbr\u003enpm install qs\u003cbr\u003e```\u003cbr\u003e\u003cbr\u003e```js\u003cbr\u003econst qs = require(\u0027qs\u0027);\u003cbr\u003e\u003cbr\u003econst payload = \u0027a=\u0027 + \u0027,\u0027.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)\u003cbr\u003econst options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };\u003cbr\u003e\u003cbr\u003etry {\u003cbr\u003e\u0026nbsp; const result = qs.parse(payload, options);\u003cbr\u003e\u0026nbsp; console.log(result.a.length); // Outputs: 26 (bypass successful)\u003cbr\u003e} catch (e) {\u003cbr\u003e\u0026nbsp; console.log(\u0027Limit enforced:\u0027, e.message); // Not thrown\u003cbr\u003e}\u003cbr\u003e```\u003cbr\u003e**Configuration:**\u003cbr\u003e- `comma: true`\u003cbr\u003e- `arrayLimit: 5`\u003cbr\u003e- `throwOnLimitExceeded: true`\u003cbr\u003e\u003cbr\u003eExpected: Throws \"Array limit exceeded\" error.\u003cbr\u003eActual: Parses successfully, creating an array of length 26.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e### Impact\u003cbr\u003eDenial of Service (DoS) via memory exhaustion.\u003cbr\u003e"
}
],
"value": "### Summary\nThe `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).\n\n### Details\nWhen the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `[\u0027a\u0027, \u0027b\u0027, \u0027c\u0027]`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.\n\n**Vulnerable code** (lib/parse.js: lines ~40-50):\n```js\nif (val \u0026\u0026 typeof val === \u0027string\u0027 \u0026\u0026 options.comma \u0026\u0026 val.indexOf(\u0027,\u0027) \u003e -1) {\n\u00a0 \u00a0 return val.split(\u0027,\u0027);\n}\n\nif (options.throwOnLimitExceeded \u0026\u0026 currentArrayLength \u003e= options.arrayLimit) {\n\u00a0 \u00a0 throw new RangeError(\u0027Array limit exceeded. Only \u0027 + options.arrayLimit + \u0027 element\u0027 + (options.arrayLimit === 1 ? \u0027\u0027 : \u0027s\u0027) + \u0027 allowed in an array.\u0027);\n}\n\nreturn val;\n```\nThe `split(\u0027,\u0027)` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).\n\n### PoC\n**Test 1 - Basic bypass:**\n```\nnpm install qs\n```\n\n```js\nconst qs = require(\u0027qs\u0027);\n\nconst payload = \u0027a=\u0027 + \u0027,\u0027.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)\nconst options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };\n\ntry {\n\u00a0 const result = qs.parse(payload, options);\n\u00a0 console.log(result.a.length); // Outputs: 26 (bypass successful)\n} catch (e) {\n\u00a0 console.log(\u0027Limit enforced:\u0027, e.message); // Not thrown\n}\n```\n**Configuration:**\n- `comma: true`\n- `arrayLimit: 5`\n- `throwOnLimitExceeded: true`\n\nExpected: Throws \"Array limit exceeded\" error.\nActual: Parses successfully, creating an array of length 26.\n\n\n### Impact\nDenial of Service (DoS) via memory exhaustion."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T17:32:05.953Z",
"orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"shortName": "harborist"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "qs\u0027s arrayLimit bypass in comma parsing allows denial of service",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"assignerShortName": "harborist",
"cveId": "CVE-2026-2391",
"datePublished": "2026-02-12T04:39:42.914Z",
"dateReserved": "2026-02-12T03:52:09.332Z",
"dateUpdated": "2026-02-12T17:32:05.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9071 (GCVE-0-2026-9071)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:47 – Updated: 2026-06-23 13:39
VLAI?
EPSS
Title
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption
Summary
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0.0 , ≤ 7.0.2 Interim Fix 035
(semver)
Affected: 8.5.0 , ≤ 7.0.3 Interim Fix 017 (semver) cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T13:37:50.583050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T13:39:22.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.6",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:49:28.915Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276579"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71631 and PH71370. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6 using the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0, servlet-6.1, websocket-1.0, websocket-1.1, websocket-2.0, websocket-2.1, or websocket-2.2 feature:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276381\" rel=\"nofollow\"\u003ePH71631\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\u003c/p\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276399\" rel=\"nofollow\"\u003ePH71370\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276399\" rel=\"nofollow\"\u003ePH71370\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71631 and PH71370. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to\u00a0 How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\n\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6 using the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0, servlet-6.1, websocket-1.0, websocket-1.1, websocket-2.0, websocket-2.1, or websocket-2.2 feature:\n\n\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71631 https://www.ibm.com/support/pages/node/7276381 \n--OR--\n\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\n\n\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71370 https://www.ibm.com/support/pages/node/7276399 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix that resolves PH71370 https://www.ibm.com/support/pages/node/7276399 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-9071",
"datePublished": "2026-06-22T14:47:39.502Z",
"dateReserved": "2026-05-20T10:58:43.207Z",
"dateUpdated": "2026-06-23T13:39:22.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-23337 (GCVE-0-2021-23337)
Vulnerability from cvelistv5 – Published: 2021-02-15 12:15 – Updated: 2024-09-16 19:15
VLAI?
EPSS
Title
Command Injection
Summary
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Severity ?
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Credits
Marc Hassan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0006/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lodash",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 4.17.21"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marc Hassan"
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T11:06:34.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0006/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
}
],
"title": "Command Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-02-15T12:13:18.729628Z",
"ID": "CVE-2021-23337",
"STATE": "PUBLIC",
"TITLE": "Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lodash",
"version": {
"version_data": [
{
"version_value": "prior to 4.17.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marc Hassan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932"
},
{
"name": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
"refsource": "MISC",
"url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0006/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23337",
"datePublished": "2021-02-15T12:15:14.715Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:17.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-42034 (GCVE-0-2026-42034)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:59 – Updated: 2026-04-24 18:13
VLAI?
EPSS
Title
Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https transport path). Oversized streamed uploads are sent fully even when the caller sets strict body limits. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
5.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42034",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T18:12:43.106146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:13:14.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https transport path). Oversized streamed uploads are sent fully even when the caller sets strict body limits. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:59:47.802Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx"
}
],
"source": {
"advisory": "GHSA-5c9x-8gcm-mpgx",
"discovery": "UNKNOWN"
},
"title": "Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42034",
"datePublished": "2026-04-24T17:59:47.802Z",
"dateReserved": "2026-04-23T16:05:01.708Z",
"dateUpdated": "2026-04-24T18:13:14.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2327 (GCVE-0-2026-2327)
Vulnerability from cvelistv5 – Published: 2026-02-12 05:00 – Updated: 2026-02-12 14:41
VLAI?
EPSS
Summary
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.
Severity ?
5.3 (Medium)
CWE
- CWE-1333 - Regular Expression Denial of Service (ReDoS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | markdown-it |
Affected:
13.0.0 , < 14.1.1
(semver)
|
Credits
Duc Le Trung
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T14:41:31.205349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:41:53.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-10666750"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "markdown-it",
"vendor": "n/a",
"versions": [
{
"lessThan": "14.1.1",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Duc Le Trung"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Regular Expression Denial of Service (ReDoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T05:00:07.369Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-10666750"
},
{
"url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917"
},
{
"url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33"
},
{
"url": "https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2026-2327",
"datePublished": "2026-02-12T05:00:07.369Z",
"dateReserved": "2026-02-11T07:02:27.771Z",
"dateUpdated": "2026-02-12T14:41:53.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42039 (GCVE-0-2026-42039)
Vulnerability from cvelistv5 – Published: 2026-04-24 18:01 – Updated: 2026-07-01 12:04
VLAI?
EPSS
Title
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42039",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T18:14:11.509943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:14:37.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.12::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.12.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8.6.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Migration Toolkit 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-24T18:01:30.775Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:57.748Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"name": "RHBZ#2461630",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42039.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24473"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25273"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22619"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24536"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25271"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19109"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:24473: Network Observability (NETOBSERV) 1.12.0"
},
{
"lang": "en",
"value": "RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:22619: Red Hat Data Grid 8.6.1"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:14937: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25041: Red Hat Migration Toolkit 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26225: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:25271: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:17657: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17699: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T19:01:44.887Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-24T18:01:30.775Z",
"value": "Made public."
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:01:30.775Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"source": {
"advisory": "GHSA-62hf-57xw-28j9",
"discovery": "UNKNOWN"
},
"title": "Axios: unbounded recursion in toFormData causes DoS via deeply nested request data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42039",
"datePublished": "2026-04-24T18:01:30.775Z",
"dateReserved": "2026-04-23T16:05:01.709Z",
"dateUpdated": "2026-07-01T12:04:57.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11708 (GCVE-0-2026-11708)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:47 – Updated: 2026-07-01 14:01
VLAI?
EPSS
Title
IBM WebSphere Application Server is affected by a cross-site scripting vulnerability
Summary
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.
Severity ?
9.3 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0
Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T14:00:57.427493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:01:08.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console\u0027s integrated help system.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console\u0027s integrated help system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:47:31.481Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71756.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278563\" rel=\"nofollow\"\u003ePH71756\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.30:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278563\" rel=\"nofollow\"\u003ePH71756\u003c/a\u003e\u00a0and\u00a0\u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u00a0\u003c/strong\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026) and\u003cstrong\u003e carefully follow the instructions in \u003c/strong\u003ePH71756\u003cstrong\u003e for steps required after fixpack installation.\u003c/strong\u003e\u00a0.\u00a0\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71756.\n\n\n\nAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71756 https://www.ibm.com/support/pages/node/7278563 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026)\n\n\n\nFor V8.5.0.0 through 8.5.5.30:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71756 https://www.ibm.com/support/pages/node/7278563 \u00a0and\u00a0carefully follow the instructions for steps required after fix installation.\u00a0\n--OR--\n\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026) and carefully follow the instructions in PH71756 for steps required after fixpack installation.\u00a0.\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by a cross-site scripting vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11708",
"datePublished": "2026-06-30T19:47:31.481Z",
"dateReserved": "2026-06-08T23:50:25.626Z",
"dateUpdated": "2026-07-01T14:01:08.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6051 (GCVE-0-2026-6051)
Vulnerability from cvelistv5 – Published: 2026-05-27 13:07 – Updated: 2026-05-27 14:41
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
Severity ?
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:38:57.077391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:41:58.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:07:47.761Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273558"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BxZR/dt466547\" rel=\"nofollow\"\u003eDT466547\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BxZR/dt466547\" rel=\"nofollow\"\u003eDT466547\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when executing a specially crafted query with a small statement heap",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e1) Increase statement heap by setting larger STMTHEAP.\u003c/p\u003e\u003cp\u003eor\u003c/p\u003e\u003cp\u003e2) Reduce optimization level to 0. The user can append a optimizer guideline to the query:\u003c/p\u003e\u003cp\u003e\u0026lt;query\u0026gt;\u003c/p\u003e\u003cp\u003e/* \u0026lt;OPTGUIDELINES\u0026gt;\u003c/p\u003e\u003cp\u003e\u00a0\u00a0\u0026lt;QRYOPT VALUE=\u00270\u0027/\u0026gt;\u003c/p\u003e\u003cp\u003e\u0026lt;/OPTGUIDELINES\u0026gt; */\u003c/p\u003e"
}
],
"value": "1) Increase statement heap by setting larger STMTHEAP.\n\n\n\nor\n\n\n\n2) Reduce optimization level to 0. The user can append a optimizer guideline to the query:\n\n\n\n\u003cquery\u003e\n\n\n\n/* \u003cOPTGUIDELINES\u003e\n\n\n\n\u00a0\u00a0\u003cQRYOPT VALUE=\u00270\u0027/\u003e\n\n\n\n\u003c/OPTGUIDELINES\u003e */"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-6051",
"datePublished": "2026-05-27T13:07:47.761Z",
"dateReserved": "2026-04-09T21:45:54.618Z",
"dateUpdated": "2026-05-27T14:41:58.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47914 (GCVE-0-2025-47914)
Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:15
VLAI?
EPSS
Title
Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
Summary
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| golang.org/x/crypto | golang.org/x/crypto/ssh/agent |
Affected:
0 , < 0.45.0
(semver)
|
Credits
Jakub Ciolek
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:50:27.263405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:50:30.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh/agent",
"product": "golang.org/x/crypto/ssh/agent",
"programRoutines": [
{
"name": "parseConstraints"
},
{
"name": "ForwardToAgent"
},
{
"name": "ServeAgent"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.45.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-237",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:15:00.344Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"url": "https://go.dev/cl/721960"
},
{
"url": "https://go.dev/issue/76364"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"title": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-47914",
"datePublished": "2025-11-19T20:33:43.126Z",
"dateReserved": "2025-05-13T23:31:29.597Z",
"dateUpdated": "2025-11-20T17:15:00.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33672 (GCVE-0-2026-33672)
Vulnerability from cvelistv5 – Published: 2026-03-26 21:39 – Updated: 2026-03-27 13:58
VLAI?
EPSS
Title
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Summary
Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.
Severity ?
5.3 (Medium)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| micromatch | picomatch |
Affected:
>= 4.0.0, < 4.0.4
Affected: >= 3.0.0, < 3.0.2 Affected: < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:31:31.464766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:58:41.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "picomatch",
"vendor": "micromatch",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.2"
},
{
"status": "affected",
"version": "\u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T21:39:16.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p"
},
{
"name": "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"
}
],
"source": {
"advisory": "GHSA-3v7f-55p6-f55p",
"discovery": "UNKNOWN"
},
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33672",
"datePublished": "2026-03-26T21:39:16.362Z",
"dateReserved": "2026-03-23T16:34:59.930Z",
"dateUpdated": "2026-03-27T13:58:41.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13465 (GCVE-0-2025-13465)
Vulnerability from cvelistv5 – Published: 2026-01-21 19:05 – Updated: 2026-07-03 12:04
VLAI?
EPSS
Title
Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions
Summary
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.
The issue permits deletion of properties but does not allow overwriting their original behavior.
This issue is patched on 4.17.23
Severity ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lodash | Lodash |
Affected:
4.0.0 , ≤ 4.17.22
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Lukas Euler
Jordan Harband
Michał Lipiński
Ulises Gascón
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T19:43:10.513400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T19:43:38.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:59:53.016Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.4::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:7.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 7.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8.6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.17::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.18::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.19::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2.9::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 2.9.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "affected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:4"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:8"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:0"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "unaffected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-21T19:05:28.846Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:04:52.337Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"name": "RHBZ#2431740",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13465.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3958"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1845"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18480"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24331"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18868"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4782"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2818"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2438"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2462"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2819"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2817"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2816"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2452"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5633"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8229"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13548"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4466"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4467"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3962"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3960"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4630"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2675"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3782"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3870"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3422"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2990"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4423"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2661"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2672"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21658"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2078"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20042"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2119"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2984"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3869"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3884"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3710"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3825"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2145"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2147"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2148"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2149"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6567"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14870"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14871"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6288"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9848"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11414"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
},
{
"lang": "en",
"value": "RHSA-2026:3958: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:1845: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:18480: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24331: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:18868: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:4782: Cluster Observability Operator 1.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:2818: Red Hat Enterprise Linux High Availability EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:2438: Red Hat Enterprise Linux High Availability (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:2462: Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:2469: Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:2465: Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:2484: Red Hat Enterprise Linux High Availability E4S (v.9.0), Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:2819: Red Hat Enterprise Linux High Availability E4S (v.9.2), Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:2817: Red Hat Enterprise Linux High Availability EUS (v.9.4), Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:2816: Red Hat Enterprise Linux High Availability EUS (v.9.6), Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:2452: Red Hat Enterprise Linux High Availability (v. 9), Red Hat Enterprise Linux Resilient Storage (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:2900: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:5633: Red Hat Advanced Cluster Management for Kubernetes 2.12"
},
{
"lang": "en",
"value": "RHSA-2026:8229: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:3962: Red Hat Ansible Automation Platform 2.5"
},
{
"lang": "en",
"value": "RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:33154: Red Hat Ceph Storage 7.1"
},
{
"lang": "en",
"value": "RHSA-2026:4630: Red Hat Data Grid 8.6.0"
},
{
"lang": "en",
"value": "RHSA-2026:2675: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:2694: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:3782: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:3870: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:3422: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:2990: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:4423: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:2661: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:2672: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:2078: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:2651: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:2119: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:2984: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:3869: Red Hat OpenShift GitOps 1.17"
},
{
"lang": "en",
"value": "RHSA-2026:3874: Red Hat OpenShift GitOps 1.18"
},
{
"lang": "en",
"value": "RHSA-2026:3884: Red Hat OpenShift GitOps 1.19"
},
{
"lang": "en",
"value": "RHSA-2026:3710: Red Hat OpenShift Pipelines 1.15"
},
{
"lang": "en",
"value": "RHSA-2026:3825: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:2145: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:2147: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:2148: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:2149: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:6497: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:6567: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:14870: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:14871: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:6288: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:2926: Red Hat Trusted Artifact Signer 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:3087: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:34608: Streams for Apache Kafka 2.9.4"
},
{
"lang": "en",
"value": "RHSA-2026:13542: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:9848: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5636: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:8218: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:11414: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-21T20:01:28.774Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-21T19:05:28.846Z",
"value": "Made public."
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"https://github.com/lodash/lodash"
],
"packageName": "lodash",
"product": "Lodash",
"repo": "https://github.com/lodash/lodash",
"vendor": "Lodash",
"versions": [
{
"lessThanOrEqual": "4.17.22",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"https://github.com/lodash/lodash"
],
"product": "Lodash-amd",
"repo": "https://github.com/lodash/lodash",
"vendor": "Lodash-amd",
"versions": [
{
"lessThanOrEqual": "4.17.22",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"https://github.com/lodash/lodash"
],
"product": "lodash-es",
"repo": "https://github.com/lodash/lodash",
"vendor": "lodash-es",
"versions": [
{
"lessThanOrEqual": "4.17.22",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"https://github.com/lodash/lodash"
],
"product": "lodash.unset",
"repo": "https://github.com/lodash/lodash",
"vendor": "lodash.unset",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lukas Euler"
},
{
"lang": "en",
"type": "analyst",
"value": "Jordan Harband"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Micha\u0142 Lipi\u0144ski"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Ulises Gasc\u00f3n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the \u003ccode\u003e_.unset\u003c/code\u003e\u0026nbsp;and \u003ccode\u003e_.omit\u003c/code\u003e\u0026nbsp;functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\u003c/p\u003e\u003cp\u003eThe issue permits deletion of properties but does not allow overwriting their original behavior.\u003c/p\u003e\u003cp\u003eThis issue is patched on 4.17.23\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset\u00a0and _.omit\u00a0functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23"
}
],
"impacts": [
{
"capecId": "CAPEC-77",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-77 Manipulating User-Controlled Variables"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T19:05:28.846Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"source": {
"advisory": "GHSA-xxjr-mmjv-4gpg",
"discovery": "EXTERNAL"
},
"title": "Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2025-13465",
"datePublished": "2026-01-21T19:05:28.846Z",
"dateReserved": "2025-11-20T02:16:12.128Z",
"dateUpdated": "2026-07-03T12:04:52.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68428 (GCVE-0-2025-68428)
Vulnerability from cvelistv5 – Published: 2026-01-05 21:43 – Updated: 2026-06-30 12:06
VLAI?
EPSS
Title
jsPDF has Local File Inclusion/Path Traversal vulnerability
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T15:35:22.371810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T17:38:46.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-05T21:43:55.169Z",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been discovered in the jdPDF npm library. User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js`."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:29.220Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"name": "RHBZ#2427236",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68428.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:1517: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:2350: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:2568: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T22:01:15.703Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-05T21:43:55.169Z",
"value": "Made public."
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:43:55.169Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
},
{
"name": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
}
],
"source": {
"advisory": "GHSA-f8cm-6447-x5h2",
"discovery": "UNKNOWN"
},
"title": "jsPDF has Local File Inclusion/Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68428",
"datePublished": "2026-01-05T21:43:55.169Z",
"dateReserved": "2025-12-17T15:29:39.378Z",
"dateUpdated": "2026-06-30T12:06:29.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9072 (GCVE-0-2026-9072)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:21 – Updated: 2026-06-24 16:53
VLAI?
EPSS
Title
WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]
Summary
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
Severity ?
8.1 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | i |
Affected:
7.6.0 , ≤ 1.8.4
(semver)
Affected: 7.5.0 (semver) Affected: 7.4.0 (semver) Affected: 7.3.0 (semver) cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T03:56:00.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T16:53:12.528Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277344"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now.\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eIBM i Release\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e5770-SS1 Option 3\u003cbr\u003ePTF Number(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePTF Download Link(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e7.6\u003c/td\u003e\u003ctd\u003eSJ10122\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.5\u003c/td\u003e\u003ctd\u003eSJ10121\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.4\u003c/td\u003e\u003ctd\u003eSJ10120\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.3\u003c/td\u003e\u003ctd\u003eSJ10119\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now.\n\nIBM i Release5770-SS1 Option 3\nPTF Number(s)PTF Download Link(s)7.6SJ10122 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122 7.5SJ10121 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121 7.4SJ10120 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120 7.3SJ10119 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119 \n\n\n\nIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-9072",
"datePublished": "2026-06-22T14:21:35.024Z",
"dateReserved": "2026-05-20T11:11:47.376Z",
"dateUpdated": "2026-06-24T16:53:12.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50181 (GCVE-0-2025-50181)
Vulnerability from cvelistv5 – Published: 2025-06-19 01:08 – Updated: 2025-12-22 18:44
VLAI?
EPSS
Title
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Summary
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
Severity ?
5.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T16:45:50.408081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T16:46:13.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T18:44:17.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
},
{
"name": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
},
{
"name": "https://github.com/urllib3/urllib3/releases/tag/2.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
}
],
"source": {
"advisory": "GHSA-pq67-6m6q-mj2v",
"discovery": "UNKNOWN"
},
"title": "urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-50181",
"datePublished": "2025-06-19T01:08:00.340Z",
"dateReserved": "2025-06-13T19:17:51.726Z",
"dateUpdated": "2025-12-22T18:44:17.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48924 (GCVE-0-2025-48924)
Vulnerability from cvelistv5 – Published: 2025-07-11 14:56 – Updated: 2025-11-04 22:06
VLAI?
EPSS
Title
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache Commons Lang |
Affected:
2.0 , ≤ 2.6
(maven)
|
|||||||
|
|||||||||
Credits
OSS-Fuzz Issue 42522972
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:36:59.432024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:37:02.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:40.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unknown",
"packageName": "commons-lang:commons-lang",
"product": "Apache Commons Lang",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "2.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.commons:commons-lang3",
"product": "Apache Commons Lang",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.18.0",
"status": "affected",
"version": "3.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OSS-Fuzz Issue 42522972"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUncontrolled Recursion vulnerability in Apache Commons Lang.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons Lang: Starting with\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons-lang:commons-lang\u0026nbsp;\u003c/span\u003e2.0 to 2.6, and, from org.apache.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons:commons-lang3 3.0 before\u0026nbsp;\u003c/span\u003e3.18.0.\u003c/p\u003e\u003cp\u003eThe methods ClassUtils.getClass(...) can throw\u0026nbsp;StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u0026nbsp;cause an application to stop.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T14:56:58.049Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48924",
"datePublished": "2025-07-11T14:56:58.049Z",
"dateReserved": "2025-05-28T15:06:51.476Z",
"dateUpdated": "2025-11-04T22:06:40.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11546 (GCVE-0-2026-11546)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:51 – Updated: 2026-07-01 15:56
VLAI?
EPSS
Title
IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability
Summary
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.
Severity ?
7.1 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server - Liberty |
Affected:
17.0.0.3 , ≤ 26.0.0.7
(semver)
cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T15:55:13.407026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T15:56:05.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.7:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.7",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:51:21.924Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278572"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71841. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to \u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u00a0\u003cbr/\u003e\u003cbr/\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.7 using the adminCenter-1.0 feature:\u00a0\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278379\" rel=\"nofollow\"\u003ePH71841\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Liberty Fix Pack 26.0.0.8 or later (targeted availability 3Q2026).\u00a0\u003cbr/\u003e\u003cbr/\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71841. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.7 using the adminCenter-1.0 feature:\u00a0\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71841 https://www.ibm.com/support/pages/node/7278379 \n--OR--\n\u00b7 Apply Liberty Fix Pack 26.0.0.8 or later (targeted availability 3Q2026).\u00a0\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11546",
"datePublished": "2026-06-30T19:51:21.924Z",
"dateReserved": "2026-06-08T03:17:22.426Z",
"dateUpdated": "2026-07-01T15:56:05.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11712 (GCVE-0-2026-11712)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:45 – Updated: 2026-07-01 13:24
VLAI?
EPSS
Title
IBM WebSphere Application Server is affected by a cross-site scripting vulnerability
Summary
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.
Severity ?
9.3 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0
Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:24:08.200025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:24:16.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:45:37.814Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71756.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278563\" rel=\"nofollow\"\u003ePH71756\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.30:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278563\" rel=\"nofollow\"\u003ePH71756\u003c/a\u003e\u00a0and\u00a0\u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u00a0\u003c/strong\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026) and\u003cstrong\u003e carefully follow the instructions in \u003c/strong\u003ePH71756\u003cstrong\u003e for steps required after fixpack installation.\u003c/strong\u003e\u00a0.\u00a0\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71756.\n\n\n\nAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71756 https://www.ibm.com/support/pages/node/7278563 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026)\n\n\n\nFor V8.5.0.0 through 8.5.5.30:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71756 https://www.ibm.com/support/pages/node/7278563 \u00a0and\u00a0carefully follow the instructions for steps required after fix installation.\u00a0\n--OR--\n\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026) and carefully follow the instructions in PH71756 for steps required after fixpack installation.\u00a0.\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by a cross-site scripting vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11712",
"datePublished": "2026-06-30T19:45:37.814Z",
"dateReserved": "2026-06-09T00:06:18.153Z",
"dateUpdated": "2026-07-01T13:24:16.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15284 (GCVE-0-2025-15284)
Vulnerability from cvelistv5 – Published: 2025-12-29 22:56 – Updated: 2026-02-10 20:06
VLAI?
EPSS
Title
arrayLimit bypass in bracket notation allows DoS via memory exhaustion
Summary
Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1.
Summary
The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations.
Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly.
Details
The arrayLimit option only checked limits for indexed notation (a[0]=1&a[1]=2) but did not enforce it for bracket notation (a[]=1&a[]=2).
Vulnerable code (lib/parse.js:159-162):
if (root === '[]' && options.parseArrays) {
obj = utils.combine([], leaf); // No arrayLimit check
}
Working code (lib/parse.js:175):
else if (index <= options.arrayLimit) { // Limit checked here
obj = [];
obj[index] = leaf;
}
The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays.
PoC
const qs = require('qs');
const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 });
console.log(result.a.length); // Output: 6 (should be max 5)
Note on parameterLimit interaction: The original advisory's "DoS demonstration" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.
Impact
Consistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T14:55:26.031863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T15:57:41.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://npmjs.com/qs",
"defaultStatus": "affected",
"modules": [
"parse"
],
"packageName": "qs",
"repo": "https://github.com/ljharb/qs",
"versions": [
{
"status": "affected",
"version": "\u003c 6.14.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.\u003cp\u003eThis issue affects qs: \u0026lt; 6.14.1.\u003c/p\u003e\u003ch3\u003e\u003cbr\u003eSummary\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option in qs did not enforce limits for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e), only for indexed notation (\u003ccode\u003ea[0]=1\u003c/code\u003e). This is a consistency bug; \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;should apply uniformly across all array notations.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u0026nbsp;The default \u003ccode\u003eparameterLimit\u003c/code\u003e\u0026nbsp;of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than \u003ccode\u003eparameterLimit\u003c/code\u003e\u0026nbsp;regardless of \u003ccode\u003earrayLimit\u003c/code\u003e, because each \u003ccode\u003ea[]=value\u003c/code\u003econsumes one parameter slot. The severity has been reduced accordingly.\u003c/p\u003e\u003ch3\u003eDetails\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option only checked limits for indexed notation (\u003ccode\u003ea[0]=1\u0026amp;a[1]=2\u003c/code\u003e) but did not enforce it for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eVulnerable code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:159-162\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eif (root === \u0027[]\u0027 \u0026amp;\u0026amp; options.parseArrays) {\n obj = utils.combine([], leaf); // No arrayLimit check\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWorking code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:175\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eelse if (index \u0026lt;= options.arrayLimit) { // Limit checked here\n obj = [];\n obj[index] = leaf;\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThe bracket notation handler at line 159 uses \u003ccode\u003eutils.combine([], leaf)\u003c/code\u003e\u0026nbsp;without validating against \u003ccode\u003eoptions.arrayLimit\u003c/code\u003e, while indexed notation at line 175 checks \u003ccode\u003eindex \u0026lt;= options.arrayLimit\u003c/code\u003e\u0026nbsp;before creating arrays.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch3\u003ePoC\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003econst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026amp;a[]=2\u0026amp;a[]=3\u0026amp;a[]=4\u0026amp;a[]=5\u0026amp;a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eNote on parameterLimit interaction:\u003c/strong\u003e\u0026nbsp;The original advisory\u0027s \"DoS demonstration\" claimed a length of 10,000, but \u003ccode\u003eparameterLimit\u003c/code\u003e\u0026nbsp;(default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\u003c/p\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConsistency bug in \u003c/span\u003e\u003ccode\u003earrayLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;enforcement. With default \u003c/span\u003e\u003ccode\u003eparameterLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the practical DoS risk is negligible since \u003c/span\u003e\u003ccode\u003eparameterLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when \u003c/span\u003e\u003ccode\u003eparameterLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is explicitly set to a very high value.\u003c/span\u003e"
}
],
"value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummary\n\nThe arrayLimit\u00a0option in qs did not enforce limits for bracket notation (a[]=1\u0026a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit\u00a0should apply uniformly across all array notations.\n\nNote:\u00a0The default parameterLimit\u00a0of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit\u00a0regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly.\n\nDetails\n\nThe arrayLimit\u00a0option only checked limits for indexed notation (a[0]=1\u0026a[1]=2) but did not enforce it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === \u0027[]\u0027 \u0026\u0026 options.parseArrays) {\n obj = utils.combine([], leaf); // No arrayLimit check\n}\n\n\n\n\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) { // Limit checked here\n obj = [];\n obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit\u00a0before creating arrays.\n\n\n\nPoC\n\nconst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\n\n\n\n\n\nNote on parameterLimit interaction:\u00a0The original advisory\u0027s \"DoS demonstration\" claimed a length of 10,000, but parameterLimit\u00a0(default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\n\nImpact\n\nConsistency bug in arrayLimit\u00a0enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit\u00a0already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit\u00a0is explicitly set to a very high value."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:06:42.111Z",
"orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"shortName": "harborist"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "arrayLimit bypass in bracket notation allows DoS via memory exhaustion",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"assignerShortName": "harborist",
"cveId": "CVE-2025-15284",
"datePublished": "2025-12-29T22:56:45.240Z",
"dateReserved": "2025-12-29T21:36:51.399Z",
"dateUpdated": "2026-02-10T20:06:42.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33228 (GCVE-0-2026-33228)
Vulnerability from cvelistv5 – Published: 2026-03-20 23:06 – Updated: 2026-07-03 12:05
VLAI?
EPSS
Title
flatted: Prototype Pollution via parse()
Summary
flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2.
Severity ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebReflection | flatted |
Affected:
< 3.4.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T17:35:34.197834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T17:57:22.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "unaffected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-20T23:06:48.485Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in flatted, a JavaScript Object Notation (JSON) parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse() function in flatted fails to properly validate string values used as array index keys, allowing an attacker to manipulate internal JavaScript object prototypes. This prototype pollution can enable an attacker to execute arbitrary code or cause a denial of service, impacting the availability and integrity of affected systems."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:05:11.579Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33228"
},
{
"name": "RHBZ#2449872",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449872"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33228.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-21T00:01:43.424Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-20T23:06:48.485Z",
"value": "Made public."
}
],
"title": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "flatted",
"vendor": "WebReflection",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \"__proto__\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T23:06:48.485Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"
},
{
"name": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"
},
{
"name": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"
}
],
"source": {
"advisory": "GHSA-rf6f-7fwh-wjgh",
"discovery": "UNKNOWN"
},
"title": "flatted: Prototype Pollution via parse()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33228",
"datePublished": "2026-03-20T23:06:48.485Z",
"dateReserved": "2026-03-18T02:42:27.507Z",
"dateUpdated": "2026-07-03T12:05:11.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1795 (GCVE-0-2025-1795)
Vulnerability from cvelistv5 – Published: 2025-02-28 18:59 – Updated: 2026-04-21 20:15
VLAI?
EPSS
Title
Mishandling of comma during folding and unicode-encoding of email headers
Summary
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
Severity ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.17
(python)
Affected: 3.11.0 , < 3.11.9 (python) Affected: 3.12.0 , < 3.12.3 (python) Affected: 3.13.0a1 , < 3.13.0a5 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:30:47.670593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:32:56.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:12.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"email"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.17",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.9",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.3",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0a5",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."
}
],
"value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:15:50.714Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/100884"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/100885"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/119099"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mishandling of comma during folding and unicode-encoding of email headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-1795",
"datePublished": "2025-02-28T18:59:31.784Z",
"dateReserved": "2025-02-28T18:49:37.957Z",
"dateUpdated": "2026-04-21T20:15:50.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6938 (GCVE-0-2026-6938)
Vulnerability from cvelistv5 – Published: 2026-05-27 13:11 – Updated: 2026-05-27 14:45
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query
Summary
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
Severity ?
6.5 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:45:23.148553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:45:33.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.\u003c/p\u003e"
}
],
"value": "IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:11:31.279Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273559"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000CfaT/dt468154\" rel=\"nofollow\"\u003eDT468154\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URL\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to authorization bypass when uploading to a remote object storage path with a special query",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse LOAD COPY command db2 load from test.del of del replace into t1 copy yes to \u0027DB2REMOTE://\u0027. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE\u003c/p\u003e"
}
],
"value": "Use LOAD COPY command db2 load from test.del of del replace into t1 copy yes to \u0027DB2REMOTE://\u0027. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-6938",
"datePublished": "2026-05-27T13:11:31.279Z",
"dateReserved": "2026-04-23T19:16:43.392Z",
"dateUpdated": "2026-05-27T14:45:33.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31938 (GCVE-0-2026-31938)
Vulnerability from cvelistv5 – Published: 2026-03-18 03:05 – Updated: 2026-06-30 12:07
VLAI?
EPSS
Title
jsPDF has HTML Injection in New Window paths
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victims browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method.
Severity ?
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T13:59:39.345496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T13:59:51.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-18T03:05:44.964Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker can exploit this vulnerability by providing malicious input to the `options` argument of the `output` function. When a victim creates and opens a PDF using this unsanitized input, arbitrary HTML, including scripts, can be injected and executed within the victim\u0027s browser context. This Cross-Site Scripting (XSS) vulnerability allows the attacker to extract or modify sensitive information from the victim\u0027s browser."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:46.532Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-31938"
},
{
"name": "RHBZ#2448550",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448550"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31938.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7128"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T04:02:27.320Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-18T03:05:44.964Z",
"value": "Made public."
}
],
"title": "jspdf: jsPDF: Cross site scripting via unsanitized output options",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victims browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T03:05:44.964Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5"
},
{
"name": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1"
}
],
"source": {
"advisory": "GHSA-wfv2-pwc8-crg5",
"discovery": "UNKNOWN"
},
"title": "jsPDF has HTML Injection in New Window paths"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31938",
"datePublished": "2026-03-18T03:05:44.964Z",
"dateReserved": "2026-03-10T15:10:10.655Z",
"dateUpdated": "2026-06-30T12:07:46.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29063 (GCVE-0-2026-29063)
Vulnerability from cvelistv5 – Published: 2026-03-06 18:25 – Updated: 2026-07-02 12:04
VLAI?
EPSS
Title
Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable
Summary
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
Severity ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| immutable-js | immutable-js |
Affected:
< 3.8.3
Affected: < 4.3.7 Affected: < 5.1.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T19:32:37.694711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T19:33:31.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization 2.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.12::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.12.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-06T18:25:22.438Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:04:49.685Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"name": "RHBZ#2445291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29063.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19409"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19410"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24473"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13548"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13847"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11070"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11217"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7329"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28893"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28964"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17598"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21658"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29857"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12118"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20042"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29864"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23246"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27063"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21703"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20034"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8483"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8491"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6926"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26232"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9848"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11858"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11414"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1"
},
{
"lang": "en",
"value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9"
},
{
"lang": "en",
"value": "RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:24473: Network Observability (NETOBSERV) 1.12.0"
},
{
"lang": "en",
"value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:13847: Red Hat Advanced Cluster Management for Kubernetes 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:7329: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:28893: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:28964: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:29857: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:29864: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:23246: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:21703: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:11916: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:6720: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:6568: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:6926: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26232: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26225: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:13542: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:13853: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:9848: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:11858: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:8218: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:11414: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T19:00:57.982Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-06T18:25:22.438Z",
"value": "Made public."
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "immutable-js",
"vendor": "immutable-js",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.3"
},
{
"status": "affected",
"version": "\u003c 4.3.7"
},
{
"status": "affected",
"version": "\u003c 5.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:25:22.438Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
},
{
"name": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"name": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"name": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
}
],
"source": {
"advisory": "GHSA-wf6x-7x77-mvgw",
"discovery": "UNKNOWN"
},
"title": "Immutable.js: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) in immutable"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29063",
"datePublished": "2026-03-06T18:25:22.438Z",
"dateReserved": "2026-03-03T20:51:43.481Z",
"dateUpdated": "2026-07-02T12:04:49.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1352 (GCVE-0-2026-1352)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:37 – Updated: 2026-04-23 13:57
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
Severity ?
6.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:57:26.724539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:57:34.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in data query logic.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in data query logic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:37:41.981Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269433"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000913J/dt459558\" rel=\"nofollow\"\u003eDT459558\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #79671 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000913J/dt459558\" rel=\"nofollow\"\u003eDT459558\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #80714 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\nV12.1\n\n\n\nTBD\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSet the following registry variable to avoid SORT operations that are used for some JOIN optimization techniques:\u003c/p\u003e\u003cp\u003edb2set -im DB2_REDUCED_OPTIMIZATION=\"NO_SORT_NLJOIN,NO_SORT_MGJOIN\"\u003c/p\u003e"
}
],
"value": "Set the following registry variable to avoid SORT operations that are used for some JOIN optimization techniques:\n\ndb2set -im DB2_REDUCED_OPTIMIZATION=\"NO_SORT_NLJOIN,NO_SORT_MGJOIN\""
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1352",
"datePublished": "2026-04-22T23:37:35.127Z",
"dateReserved": "2026-01-22T17:35:12.277Z",
"dateUpdated": "2026-04-23T13:57:34.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10845 (GCVE-0-2026-10845)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:43 – Updated: 2026-06-22 16:06
VLAI?
EPSS
Title
IBM WebSphere Application Server is affected by an authentication bypass vulnerability
Summary
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.
Severity ?
7.3 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
8.5.0 , ≤ 7.0.2 Interim Fix 035
(semver)
Affected: 9.0.0 , ≤ 7.0.3 Interim Fix 017 (semver) cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:05:58.974560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:06:02.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 8.5 and 9.0\u0026nbsp;\u003cspan\u003ecould allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 8.5 and 9.0\u00a0could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:43:16.611Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276597"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71648.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276411\" rel=\"nofollow\"\u003ePH71648\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276411\" rel=\"nofollow\"\u003ePH71648\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71648.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71648 https://www.ibm.com/support/pages/node/7276411 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71648 https://www.ibm.com/support/pages/node/7276411 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by an authentication bypass vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-10845",
"datePublished": "2026-06-22T14:43:16.611Z",
"dateReserved": "2026-06-04T12:02:38.679Z",
"dateUpdated": "2026-06-22T16:06:02.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39892 (GCVE-0-2026-39892)
Vulnerability from cvelistv5 – Published: 2026-04-08 20:49 – Updated: 2026-07-01 12:04
VLAI?
EPSS
Title
cryptography has a buffer overflow if non-contiguous buffers were passed to APIs
Summary
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyca | cryptography |
Affected:
>= 45.0.0, < 46.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-08T21:16:07.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T19:41:57.662246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T19:52:22.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_core"
],
"defaultStatus": "affected",
"product": "Lightspeed Core",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_core:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform Ansible Core 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "unaffected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-08T20:49:41.967Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:58.609Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"name": "RHBZ#2456735",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39892.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24866"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7295"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:20338: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:7295: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:24483: Red Hat Trusted Artifact Signer 1.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-08T22:00:59.416Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-08T20:49:41.967Z",
"value": "Made public."
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "cryptography",
"vendor": "pyca",
"versions": [
{
"status": "affected",
"version": "\u003e= 45.0.0, \u003c 46.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T20:49:41.967Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"source": {
"advisory": "GHSA-p423-j2cm-9vmq",
"discovery": "UNKNOWN"
},
"title": "cryptography has a buffer overflow if non-contiguous buffers were passed to APIs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39892",
"datePublished": "2026-04-08T20:49:41.967Z",
"dateReserved": "2026-04-07T20:32:03.011Z",
"dateUpdated": "2026-07-01T12:04:58.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1577 (GCVE-0-2026-1577)
Vulnerability from cvelistv5 – Published: 2026-04-30 21:49 – Updated: 2026-05-10 13:21
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
Severity ?
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T16:06:31.745842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T13:21:48.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in data query logic.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in data query logic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:49:24.614Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269434"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000009d3l/dt460939\" rel=\"nofollow\"\u003eDT460939\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #79671 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000009d3l/dt460939\" rel=\"nofollow\"\u003eDT460939\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #80714 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query involving multiple subqueries",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1577",
"datePublished": "2026-04-30T21:49:24.614Z",
"dateReserved": "2026-01-28T21:49:07.049Z",
"dateUpdated": "2026-05-10T13:21:48.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42038 (GCVE-0-2026-42038)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:57 – Updated: 2026-04-27 13:46
VLAI?
EPSS
Title
Axios: no_proxy bypass via IP alias allows SSRF
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests to 127.0.0.1 and [::1] still route through the proxy instead of bypassing it. The shouldBypassProxy() function does pure string matching — it does not resolve IP aliases or loopback equivalents. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
6.8 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:46:29.154261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:46:32.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests to 127.0.0.1 and [::1] still route through the proxy instead of bypassing it. The shouldBypassProxy() function does pure string matching \u2014 it does not resolve IP aliases or loopback equivalents. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:57:26.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm"
}
],
"source": {
"advisory": "GHSA-m7pr-hjqh-92cm",
"discovery": "UNKNOWN"
},
"title": "Axios: no_proxy bypass via IP alias allows SSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42038",
"datePublished": "2026-04-24T17:57:26.975Z",
"dateReserved": "2026-04-23T16:05:01.708Z",
"dateUpdated": "2026-04-27T13:46:32.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24786 (GCVE-0-2024-24786)
Vulnerability from cvelistv5 – Published: 2024-03-05 22:22 – Updated: 2025-02-13 17:40
VLAI?
EPSS
Title
Infinite loop in JSON unmarshaling in google.golang.org/protobuf
Summary
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Severity ?
7.5 (High)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| google.golang.org/protobuf | google.golang.org/protobuf/encoding/protojson |
Affected:
0 , < 1.33.0
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "go",
"vendor": "golang",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:22:27.828054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:23:32.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/569356"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240517-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "google.golang.org/protobuf/encoding/protojson",
"product": "google.golang.org/protobuf/encoding/protojson",
"programRoutines": [
{
"name": "UnmarshalOptions.unmarshal"
},
{
"name": "Unmarshal"
},
{
"name": "UnmarshalOptions.Unmarshal"
}
],
"vendor": "google.golang.org/protobuf",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "google.golang.org/protobuf/internal/encoding/json",
"product": "google.golang.org/protobuf/internal/encoding/json",
"programRoutines": [
{
"name": "Decoder.Read"
},
{
"name": "Decoder.Peek"
}
],
"vendor": "google.golang.org/protobuf",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:12:44.017Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/569356"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240517-0002/"
}
],
"title": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-24786",
"datePublished": "2024-03-05T22:22:35.299Z",
"dateReserved": "2024-01-30T16:05:14.757Z",
"dateUpdated": "2025-02-13T17:40:25.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62718 (GCVE-0-2025-62718)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:31 – Updated: 2026-07-02 12:04
VLAI?
EPSS
Title
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62718",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T15:02:50.313939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:15:31.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3.2::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 3.2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:kueue_operator:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Kueue",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-09T14:31:46.067Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:04:43.542Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"name": "RHBZ#2456913",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62718.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26010"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24766"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24866"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8483"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8491"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17699"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:26010: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:24766: Red Hat Ansible Automation Platform 2.5"
},
{
"lang": "en",
"value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:14937: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:24471: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:13571: Streams for Apache Kafka 3.2.0"
},
{
"lang": "en",
"value": "RHSA-2026:17657: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17699: multicluster engine for Kubernetes 2.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-09T15:01:48.111Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-09T14:31:46.067Z",
"value": "Made public."
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.0"
},
{
"status": "affected",
"version": "\u003c 0.31.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T18:44:20.705Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
},
{
"name": "https://github.com/axios/axios/pull/10661",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/10661"
},
{
"name": "https://github.com/axios/axios/pull/10688",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/10688"
},
{
"name": "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"
},
{
"name": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"name": "https://github.com/axios/axios/releases/tag/v0.31.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v0.31.0"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.15.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
}
],
"source": {
"advisory": "GHSA-3p68-rc4w-qgx5",
"discovery": "UNKNOWN"
},
"title": "Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62718",
"datePublished": "2026-04-09T14:31:46.067Z",
"dateReserved": "2025-10-20T19:41:22.741Z",
"dateUpdated": "2026-07-02T12:04:43.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8291 (GCVE-0-2025-8291)
Vulnerability from cvelistv5 – Published: 2025-10-07 18:10 – Updated: 2026-04-21 20:17
VLAI?
EPSS
Title
ZIP64 End of Central Directory (EOCD) Locator record offset not checked
Summary
The 'zipfile' module would not check the validity of the ZIP64 End of
Central Directory (EOCD) Locator record offset value would not be used to
locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be
assumed to be the previous record in the ZIP archive. This could be abused
to create ZIP archives that are handled differently by the 'zipfile' module
compared to other ZIP implementations.
Remediation maintains this behavior, but checks that the offset specified
in the ZIP64 EOCD Locator record matches the expected value.
Severity ?
4.3 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.19
(python)
Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) |
Credits
Caleb Brown (Google)
Serhiy Storchaka
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8291",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:15:06.403842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:15:27.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.19",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.10",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\u003c/p\u003e\n\u003cp\u003eRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.\u003c/p\u003e"
}
],
"value": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:17:51.842Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/139702"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/139700"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ZIP64 End of Central Directory (EOCD) Locator record offset not checked",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8291",
"datePublished": "2025-10-07T18:10:05.908Z",
"dateReserved": "2025-07-28T21:05:06.237Z",
"dateUpdated": "2026-04-21T20:17:51.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6069 (GCVE-0-2025-6069)
Vulnerability from cvelistv5 – Published: 2025-06-17 13:39 – Updated: 2026-04-21 20:17
VLAI?
EPSS
Title
HTMLParser quadratic complexity when processing malformed inputs
Summary
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
Severity ?
4.3 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.19
(python)
Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.6 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Serhiy Storchaka
Jake Howard
sw0rd1ight
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:58:28.646020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:58:41.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"html.parser"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.19",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.6",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "reporter",
"value": "Jake Howard"
},
{
"lang": "en",
"type": "finder",
"value": "sw0rd1ight"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service."
}
],
"value": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:17:13.876Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135462"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135464"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTMLParser quadratic complexity when processing malformed inputs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-6069",
"datePublished": "2025-06-17T13:39:46.058Z",
"dateReserved": "2025-06-13T14:05:15.473Z",
"dateUpdated": "2026-04-21T20:17:13.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1376 (GCVE-0-2025-1376)
Vulnerability from cvelistv5 – Published: 2025-02-17 04:31 – Updated: 2026-06-02 12:59
VLAI?
EPSS
Title
GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service
Summary
A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
wenjusun (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:31:29.194003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:31:33.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:59:39.522Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"modules": [
"eu-strip"
],
"product": "elfutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.192"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU elfutils 0.192 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion elf_strptr in der Bibliothek /libelf/elf_strptr.c der Komponente eu-strip. Durch das Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als b16f441cca0a4841050e3215a9f120a6d8aea918 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T04:31:08.264Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295984 | GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295984"
},
{
"name": "VDB-295984 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295984"
},
{
"name": "Submit #497538 | GNU elfutils/eu-strip 0.192 illegal read access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.497538"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32672"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15940"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-16T20:57:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1376",
"datePublished": "2025-02-17T04:31:08.264Z",
"dateReserved": "2025-02-16T19:52:48.908Z",
"dateUpdated": "2026-06-02T12:59:39.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24043 (GCVE-0-2026-24043)
Vulnerability from cvelistv5 – Published: 2026-02-02 20:34 – Updated: 2026-02-03 15:27
VLAI?
EPSS
Title
jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:20:54.661574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:27:51.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T20:34:50.617Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422"
},
{
"name": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
}
],
"source": {
"advisory": "GHSA-vm32-vv63-w422",
"discovery": "UNKNOWN"
},
"title": "jsPDF Affected by Stored XMP Metadata Injection (Spoofing \u0026 Integrity Violation)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24043",
"datePublished": "2026-02-02T20:34:50.617Z",
"dateReserved": "2026-01-20T22:30:11.777Z",
"dateUpdated": "2026-02-03T15:27:51.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69873 (GCVE-0-2025-69873)
Vulnerability from cvelistv5 – Published: 2026-02-11 00:00 – Updated: 2026-06-30 03:15
VLAI?
EPSS
Summary
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.
Severity ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T15:13:03.482882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T17:25:31.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "unaffected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:15:35.561Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"name": "RHBZ#2439070",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5910"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5907"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10093"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6567"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26211"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
},
{
"lang": "en",
"value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:5910: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:7314: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:6568: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:6497: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:6567: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:5168: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26211: Red Hat Satellite 6.18"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-11T19:01:32.953Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-11T00:00:00.000Z",
"value": "Made public."
}
],
"title": "ajv: ReDoS via $data reference",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ajv",
"vendor": "ajv.js",
"versions": [
{
"lessThan": "6.14.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.17.2",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.17.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:22:25.698Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
},
{
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
},
{
"url": "https://github.com/github/advisory-database/pull/6991"
},
{
"url": "https://github.com/ajv-validator/ajv/pull/2588"
},
{
"url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
},
{
"url": "https://github.com/ajv-validator/ajv/pull/2590"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-69873",
"datePublished": "2026-02-11T00:00:00.000Z",
"dateReserved": "2026-01-09T00:00:00.000Z",
"dateUpdated": "2026-06-30T03:15:35.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36122 (GCVE-0-2025-36122)
Vulnerability from cvelistv5 – Published: 2026-04-30 21:48 – Updated: 2026-05-27 16:34
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:24:09.617346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:34:17.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:48:49.826Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267642"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000002v3p/dt444599\" rel=\"nofollow\"\u003eDT444599\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #79671 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV12.1.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000002v3p/dt444599\" rel=\"nofollow\"\u003eDT444599\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eLatest for V12.1.4 is available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cpre\u003e\u003cbr\u003eNote: To apply this fix, it is required to set DB2_STRICT_INSTANCE_MEMORY=ON in addition to installing the above Special Build.\u003cbr\u003e\u003c/pre\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\nV12.1.4\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\nNote: To apply this fix, it is required to set DB2_STRICT_INSTANCE_MEMORY=ON in addition to installing the above Special Build.\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eset dbm cfg instance_memory to a fixed value\u003c/p\u003e"
}
],
"value": "set dbm cfg instance_memory to a fixed value"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36122",
"datePublished": "2026-04-30T21:48:49.826Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2026-05-27T16:34:17.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44432 (GCVE-0-2026-44432)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:17 – Updated: 2026-07-02 12:04
VLAI?
EPSS
Title
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
Summary
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.
Severity ?
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T18:17:39.119999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T18:25:06.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:pdrive_lightspeed:0"
],
"defaultStatus": "affected",
"product": "Pen Drive Powered by Red Hat Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5"
],
"defaultStatus": "affected",
"product": "Service Telemetry Framework 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:exploit_intelligence:0"
],
"defaultStatus": "unaffected",
"product": "Exploit Intelligence",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "unaffected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Virtualization",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Quarkus Native builder",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhui:4::el8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Update Infrastructure 4 for Cloud Providers",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-13T15:17:12.611Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:04:45.067Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"name": "RHBZ#2477154",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44432.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34160"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:32992"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30078"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25039"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24069"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24014"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24374"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7625"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24000"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34607"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34531"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34526"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34533"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34160: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:27929: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:32992: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:28159: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28157: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28000: Red Hat Enterprise Linux BaseOS (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:28158: Red Hat Enterprise Linux BaseOS (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:24542: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:24540: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:24544: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:24541: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:25928: Red Hat Ansible Automation Platform 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:20338: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:33313: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25039: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7634: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24069: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:25143: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24014: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24374: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7625: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24000: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24009: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:22934: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:15862: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:33683: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:30076: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:28571: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26304: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26212: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:34607: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:34531: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:34526: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:34533: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:24476: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24483: Red Hat Trusted Artifact Signer 1.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T17:01:01.083Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-13T15:17:12.611Z",
"value": "Made public."
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:17:12.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"source": {
"advisory": "GHSA-mf9v-mfxr-j63j",
"discovery": "UNKNOWN"
},
"title": "urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44432",
"datePublished": "2026-05-13T15:17:12.611Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-07-02T12:04:45.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68470 (GCVE-0-2025-68470)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:39 – Updated: 2026-01-12 18:17
VLAI?
EPSS
Title
React Router has unexpected external redirect via untrusted paths
Summary
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.
Severity ?
6.5 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| remix-run | react-router |
Affected:
>= 7.0.0, < 7.9.6
Affected: >= 6.0.0, < 6.30.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:17:37.258808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:17:43.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "react-router",
"vendor": "remix-run",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.9.6"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.30.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:39:41.078Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m"
}
],
"source": {
"advisory": "GHSA-9jcx-v3wj-wh4m",
"discovery": "UNKNOWN"
},
"title": "React Router has unexpected external redirect via untrusted paths"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68470",
"datePublished": "2026-01-10T02:39:41.078Z",
"dateReserved": "2025-12-18T13:48:59.555Z",
"dateUpdated": "2026-01-12T18:17:43.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50182 (GCVE-0-2025-50182)
Vulnerability from cvelistv5 – Published: 2025-06-19 01:42 – Updated: 2025-12-22 18:43
VLAI?
EPSS
Title
urllib3 does not control redirects in browsers and Node.js
Summary
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
Severity ?
5.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T16:55:48.101990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T16:56:19.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T18:43:46.779Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"
},
{
"name": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"
},
{
"name": "https://github.com/urllib3/urllib3/releases/tag/2.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
}
],
"source": {
"advisory": "GHSA-48p4-8xcf-vxj5",
"discovery": "UNKNOWN"
},
"title": "urllib3 does not control redirects in browsers and Node.js"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-50182",
"datePublished": "2025-06-19T01:42:44.921Z",
"dateReserved": "2025-06-13T19:17:51.726Z",
"dateUpdated": "2025-12-22T18:43:46.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14688 (GCVE-0-2025-14688)
Vulnerability from cvelistv5 – Published: 2026-04-30 21:48 – Updated: 2026-05-27 16:33
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.
Severity ?
5.3 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T16:06:41.376633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:33:29.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:48:11.642Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269424"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Msz/dt458000\" rel=\"nofollow\"\u003eDT458000\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #79671 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eV12.1.4\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Msz/dt458000\" rel=\"nofollow\"\u003eDT458000\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eLatest for V12.1.4 is available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nV12.1.4\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when fetching from certain tables under specific configurations",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemove registry variable DB2_EXTENDED_OPTIMIZATION=NLJN_OFLOW by:\u003c/p\u003e\u003cp\u003edb2set -im DB2_EXTENDED_OPTIMIZATION=\u003c/p\u003e"
}
],
"value": "Remove registry variable DB2_EXTENDED_OPTIMIZATION=NLJN_OFLOW by:\n\n\n\ndb2set -im DB2_EXTENDED_OPTIMIZATION="
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14688",
"datePublished": "2026-04-30T21:48:11.642Z",
"dateReserved": "2025-12-14T03:20:30.962Z",
"dateUpdated": "2026-05-27T16:33:29.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31898 (GCVE-0-2026-31898)
Vulnerability from cvelistv5 – Published: 2026-03-18 03:03 – Updated: 2026-06-30 12:07
VLAI?
EPSS
Title
jsPDF has a PDF Object Injection via FreeText color
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members.
Severity ?
8.1 (High)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T14:00:36.960715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T14:00:43.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-18T03:03:43.469Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the `createAnnotation` method\u0027s `color` parameter. When a user opens or interacts with the specially crafted PDF, these injected actions may execute, potentially leading to arbitrary code execution or sensitive information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:46.813Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-31898"
},
{
"name": "RHBZ#2448547",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448547"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31898.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7128"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T04:02:12.103Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-18T03:03:43.469Z",
"value": "Made public."
}
],
"title": "jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T03:03:43.469Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24"
},
{
"name": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8"
},
{
"name": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1"
}
],
"source": {
"advisory": "GHSA-7x6v-j9x4-qf24",
"discovery": "UNKNOWN"
},
"title": "jsPDF has a PDF Object Injection via FreeText color"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31898",
"datePublished": "2026-03-18T03:03:43.469Z",
"dateReserved": "2026-03-09T21:59:02.689Z",
"dateUpdated": "2026-06-30T12:07:46.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67735 (GCVE-0-2025-67735)
Vulnerability from cvelistv5 – Published: 2025-12-16 00:19 – Updated: 2025-12-16 14:26
VLAI?
EPSS
Title
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Summary
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
Severity ?
6.5 (Medium)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67735",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T14:26:21.658602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T14:26:48.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.8.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.129.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T00:19:11.287Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4"
}
],
"source": {
"advisory": "GHSA-84h7-rjj3-6jx4",
"discovery": "UNKNOWN"
},
"title": "Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67735",
"datePublished": "2025-12-16T00:19:11.287Z",
"dateReserved": "2025-12-11T00:45:45.790Z",
"dateUpdated": "2025-12-16T14:26:48.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42036 (GCVE-0-2026-42036)
Vulnerability from cvelistv5 – Published: 2026-04-24 18:00 – Updated: 2026-04-24 18:32
VLAI?
EPSS
Title
Axios: HTTP adapter streamed responses bypass maxContentLength
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
5.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42036",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T18:30:17.816440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:32:49.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: \u0027stream\u0027 is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:00:33.121Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99"
}
],
"source": {
"advisory": "GHSA-vf2m-468p-8v99",
"discovery": "UNKNOWN"
},
"title": "Axios: HTTP adapter streamed responses bypass maxContentLength"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42036",
"datePublished": "2026-04-24T18:00:33.121Z",
"dateReserved": "2026-04-23T16:05:01.708Z",
"dateUpdated": "2026-04-24T18:32:49.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24133 (GCVE-0-2026-24133)
Vulnerability from cvelistv5 – Published: 2026-02-02 20:32 – Updated: 2026-02-03 15:17
VLAI?
EPSS
Title
jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:16:10.492386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:17:40.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T20:33:35.357Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c"
},
{
"name": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
}
],
"source": {
"advisory": "GHSA-95fx-jjr5-f39c",
"discovery": "UNKNOWN"
},
"title": "jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24133",
"datePublished": "2026-02-02T20:32:37.631Z",
"dateReserved": "2026-01-21T18:38:22.474Z",
"dateUpdated": "2026-02-03T15:17:40.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7531 (GCVE-0-2024-7531)
Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2025-03-19 15:51
VLAI?
EPSS
Summary
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Severity ?
6.3 (Medium)
CWE
- PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 129
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Lars Eggert
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-7531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T16:06:38.593212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:51:59.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "129",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lars Eggert"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Calling \u003ccode\u003ePK11_Encrypt()\u003c/code\u003e in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, and Firefox ESR \u003c 128.1."
}
],
"value": "Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, and Firefox ESR \u003c 128.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T12:38:15.496Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1905691"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-7531",
"datePublished": "2024-08-06T12:38:15.496Z",
"dateReserved": "2024-08-05T23:30:25.255Z",
"dateUpdated": "2025-03-19T15:51:59.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-25639 (GCVE-0-2026-25639)
Vulnerability from cvelistv5 – Published: 2026-02-09 20:11 – Updated: 2026-07-01 12:04
VLAI?
EPSS
Title
Axios affected by Denial of Service via __proto__ Key in mergeConfig
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.
Severity ?
7.5 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:46.394625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:59:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Migration Toolkit 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:kueue_operator:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Kueue",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-09T20:11:22.374Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:54.324Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"name": "RHBZ#2438237",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25639.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5633"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8229"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13548"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7249"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5142"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5174"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6170"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3106"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3105"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3109"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6567"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8499"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8500"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8501"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9848"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11414"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:5633: Red Hat Advanced Cluster Management for Kubernetes 2.12"
},
{
"lang": "en",
"value": "RHSA-2026:8229: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:6308: Red Hat Ansible Automation Platform 2.5"
},
{
"lang": "en",
"value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:6174: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:2694: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25041: Red Hat Migration Toolkit 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:7249: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:5142: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:5174: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:6170: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:3107: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:3106: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:3105: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:3109: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:5665: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:4942: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:6568: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:6497: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:6567: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:5168: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:8499: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:8500: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:8501: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:3087: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:13542: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:9848: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5636: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:8218: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:11414: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-09T21:00:49.280Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-09T20:11:22.374Z",
"value": "Made public."
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.13.5"
},
{
"status": "affected",
"version": "\u003c 0.30.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T17:16:16.391Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
},
{
"name": "https://github.com/axios/axios/pull/7369",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7369"
},
{
"name": "https://github.com/axios/axios/pull/7388",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7388"
},
{
"name": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"name": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"
},
{
"name": "https://github.com/axios/axios/releases/tag/v0.30.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v0.30.3"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.13.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
}
],
"source": {
"advisory": "GHSA-43fc-jf86-j433",
"discovery": "UNKNOWN"
},
"title": "Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25639",
"datePublished": "2026-02-09T20:11:22.374Z",
"dateReserved": "2026-02-04T05:15:41.791Z",
"dateUpdated": "2026-07-01T12:04:54.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13755 (GCVE-0-2025-13755)
Vulnerability from cvelistv5 – Published: 2026-05-26 15:46 – Updated: 2026-05-26 17:51
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.
Severity ?
5.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:50:42.431138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:51:09.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:46:55.171Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273554"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000006rhZ/dt454491\" rel=\"nofollow\"\u003eDT454491\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000006rhZ/dt454491\" rel=\"nofollow\"\u003eDT454491\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to credential exposure in db2diag when executing specific testcase buckets",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSet the diaglevel to 2, 1 or 0\u003c/p\u003e"
}
],
"value": "Set the diaglevel to 2, 1 or 0"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13755",
"datePublished": "2026-05-26T15:46:55.171Z",
"dateReserved": "2025-11-26T19:41:29.841Z",
"dateUpdated": "2026-05-26T17:51:09.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4516 (GCVE-0-2025-4516)
Vulnerability from cvelistv5 – Published: 2025-05-15 13:29 – Updated: 2026-04-21 20:16
VLAI?
EPSS
Title
Use-after-free in "unicode_escape" decoder with error handler
Summary
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.18
(python)
Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:18:44.612125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:18:50.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-19T10:03:31.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/16/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/19/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.18",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
}
],
"value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:16:47.161Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/133767"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/129648"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free in \"unicode_escape\" decoder with error handler",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4516",
"datePublished": "2025-05-15T13:29:20.126Z",
"dateReserved": "2025-05-09T14:59:53.878Z",
"dateUpdated": "2026-04-21T20:16:47.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25940 (GCVE-0-2026-25940)
Vulnerability from cvelistv5 – Published: 2026-02-19 15:26 – Updated: 2026-06-30 12:08
VLAI?
EPSS
Title
jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members.
Severity ?
8.1 (High)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:07:05.792006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:35:47.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-19T15:26:57.645Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsPDF. The properties and methods of the Acroform module accept user input without sanitization, allowing an attacker to inject arbitrary PDF objects, such as JavaScript actions. Specifically, if an attacker can supply a specially crafted input to the AcroformChildClass.appearanceState property, JavaScript actions can be executed when a user opens the generated PDF document and hovers over the radio button."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:08:15.674Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-25940"
},
{
"name": "RHBZ#2441016",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441016"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25940.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7128"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-19T16:04:06.757Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-19T15:26:57.645Z",
"value": "Made public."
}
],
"title": "jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, sanitize the user-provided input before passing it to the AcroformChildClass.appearanceState property or other API members. Additionally, do not open PDF documents from untrusted sources."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T15:26:57.645Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m"
},
{
"name": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
}
],
"source": {
"advisory": "GHSA-p5xg-68wr-hm3m",
"discovery": "UNKNOWN"
},
"title": "jsPDF\u0027s PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and \"AS\" property)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25940",
"datePublished": "2026-02-19T15:26:57.645Z",
"dateReserved": "2026-02-09T16:22:17.787Z",
"dateUpdated": "2026-06-30T12:08:15.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1718 (GCVE-0-2026-1718)
Vulnerability from cvelistv5 – Published: 2026-05-27 12:18 – Updated: 2026-05-27 15:00
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
Severity ?
7.1 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:58:14.515036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:00:16.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:18:40.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273555"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000093WX/dt459656\" rel=\"nofollow\"\u003eDT459656\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000093WX/dt459656\" rel=\"nofollow\"\u003eDT459656\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eremove AUTONOMOUS from procedure define\u003c/p\u003e"
}
],
"value": "remove AUTONOMOUS from procedure define"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1718",
"datePublished": "2026-05-27T12:18:40.738Z",
"dateReserved": "2026-01-30T19:11:27.471Z",
"dateUpdated": "2026-05-27T15:00:16.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1371 (GCVE-0-2025-1371)
Vulnerability from cvelistv5 – Published: 2025-02-17 02:31 – Updated: 2025-02-18 19:32
VLAI?
EPSS
Title
GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference
Summary
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
rookie (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1371",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T18:46:54.828323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:32:38.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"eu-read"
],
"product": "elfutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.192"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "rookie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU elfutils 0.192 wurde eine problematische Schwachstelle gefunden. Dabei geht es um die Funktion handle_dynamic_symtab der Datei readelf.c der Komponente eu-read. Dank Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als b38e562a4c907e08171c76b8b2def8464d5a104a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T02:31:07.921Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295978 | GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295978"
},
{
"name": "VDB-295978 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295978"
},
{
"name": "Submit #496484 | GNU elfutils/eu-readelf 0.192 Buffer Over-read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.496484"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15926"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-16T10:15:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1371",
"datePublished": "2025-02-17T02:31:07.921Z",
"dateReserved": "2025-02-16T09:10:31.726Z",
"dateUpdated": "2025-02-18T19:32:38.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-4800 (GCVE-0-2026-4800)
Vulnerability from cvelistv5 – Published: 2026-03-31 19:25 – Updated: 2026-07-03 12:04
VLAI?
EPSS
Title
lodash vulnerable to Code Injection via `_.template` imports key names
Summary
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.
When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.
Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().
Patches:
Users should upgrade to version 4.18.0.
Workarounds:
Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.
Severity ?
8.1 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| lodash | lodash |
Affected:
4.0.0 , < 4.18.0
(semver)
Unaffected: 4.18.0 (semver) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
dolevmiz1
bugbunny-research
M0nd0R
UlisesGascon
falsyvalues
jonchurch
threalwinky
jdalton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T20:36:55.080392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T20:37:03.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::highavailability"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux High Availability (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization 2.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8.6.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.22::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.22",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.18::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.19::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Resilient Storage (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2.9::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 2.9.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3.2::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 3.2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-31T19:25:55.987Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function()."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:04:51.926Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"name": "RHBZ#2453496",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4800.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17789"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24331"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10713"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19008"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11494"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11495"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11454"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11516"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10710"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19167"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19409"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19410"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13553"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22619"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17598"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21658"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17448"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20042"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29795"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20946"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20943"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8483"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8491"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17549"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17550"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17547"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12279"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14870"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14871"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8498"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10131"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:24331: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:11470: Red Hat Enterprise Linux High Availability EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10713: Red Hat Enterprise Linux High Availability (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19008: Red Hat Enterprise Linux High Availability (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:11493: Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:11494: Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:11495: Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:11454: Red Hat Enterprise Linux High Availability E4S (v.9.0), Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:11469: Red Hat Enterprise Linux High Availability E4S (v.9.2), Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:11516: Red Hat Enterprise Linux High Availability EUS (v.9.4), Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:11471: Red Hat Enterprise Linux High Availability EUS (v.9.6), Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:10710: Red Hat Enterprise Linux High Availability (v. 9), Red Hat Enterprise Linux Resilient Storage (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19167: Red Hat Enterprise Linux High Availability (v. 9), Red Hat Enterprise Linux Resilient Storage (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1"
},
{
"lang": "en",
"value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:13553: Red Hat Ansible Automation Platform 2.5"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:22619: Red Hat Data Grid 8.6.1"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:17448: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:29795: Red Hat OpenShift Container Platform 4.22"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:20946: Red Hat OpenShift GitOps 1.18"
},
{
"lang": "en",
"value": "RHSA-2026:20943: Red Hat OpenShift GitOps 1.19"
},
{
"lang": "en",
"value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:17549: Red Hat Openshift Data Foundation 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:17550: Red Hat Openshift Data Foundation 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:17547: Red Hat Openshift Data Foundation 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:12277: Red Hat Openshift Data Foundation 4.2"
},
{
"lang": "en",
"value": "RHSA-2026:14870: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:14871: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:8498: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:10131: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:34608: Streams for Apache Kafka 2.9.4"
},
{
"lang": "en",
"value": "RHSA-2026:13571: Streams for Apache Kafka 3.2.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-31T20:01:21.918Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-31T19:25:55.987Z",
"value": "Made public."
}
],
"title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash",
"product": "lodash",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash-es",
"product": "lodash-es",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash-amd",
"product": "lodash-amd",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash.template",
"product": "lodash.template",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dolevmiz1"
},
{
"lang": "en",
"type": "reporter",
"value": "bugbunny-research"
},
{
"lang": "en",
"type": "reporter",
"value": "M0nd0R"
},
{
"lang": "en",
"type": "remediation developer",
"value": "UlisesGascon"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "falsyvalues"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "jonchurch"
},
{
"lang": "en",
"type": "reporter",
"value": "threalwinky"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "jdalton"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names."
}
],
"value": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:25:55.987Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"
},
{
"url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"
},
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-4800",
"datePublished": "2026-03-31T19:25:55.987Z",
"dateReserved": "2026-03-25T09:12:38.355Z",
"dateUpdated": "2026-07-03T12:04:51.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12183 (GCVE-0-2025-12183)
Vulnerability from cvelistv5 – Published: 2025-11-28 15:52 – Updated: 2025-12-29 12:41
VLAI?
EPSS
Title
org.lz4:lz4-java - Out-of-Bounds Memory Access
Summary
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Jonas Konrad (Oracle corp.)
Marcono1234
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T16:33:58.174474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T16:34:40.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-01T21:03:11.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/01/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo1.maven.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.lz4:lz4-java",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo1.maven.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.lz4:lz4-pure-java",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo1.maven.org/maven2",
"defaultStatus": "unaffected",
"packageName": "net.jpountz.lz4:lz4",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Jonas Konrad (Oracle corp.)"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Marcono1234"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOut-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.\u003c/span\u003e"
}
],
"value": "Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T12:41:30.868Z",
"orgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"shortName": "Sonatype"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.sonatype.com/security-advisories/cve-2025-12183"
},
{
"tags": [
"patch"
],
"url": "https://github.com/yawkat/lz4-java/releases/tag/v1.8.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "org.lz4:lz4-java - Out-of-Bounds Memory Access",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"assignerShortName": "Sonatype",
"cveId": "CVE-2025-12183",
"datePublished": "2025-11-28T15:52:56.140Z",
"dateReserved": "2025-10-24T19:24:16.368Z",
"dateUpdated": "2025-12-29T12:41:30.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9320 (GCVE-0-2026-9320)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:53 – Updated: 2026-06-22 16:05
VLAI?
EPSS
Title
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
Summary
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
Severity ?
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0.0 , ≤ 7.0.2 Interim Fix 035
(semver)
Affected: 8.5.0 , ≤ 7.0.3 Interim Fix 017 (semver) cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:05:05.534855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:05:22.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.6",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:54:35.574Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276579"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71631 and PH71370. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6 using the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0, servlet-6.1, websocket-1.0, websocket-1.1, websocket-2.0, websocket-2.1, or websocket-2.2 feature:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276381\" rel=\"nofollow\"\u003ePH71631\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\u003c/p\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276399\" rel=\"nofollow\"\u003ePH71370\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276399\" rel=\"nofollow\"\u003ePH71370\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71631 and PH71370. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to\u00a0 How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\n\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6 using the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0, servlet-6.1, websocket-1.0, websocket-1.1, websocket-2.0, websocket-2.1, or websocket-2.2 feature:\n\n\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71631 https://www.ibm.com/support/pages/node/7276381 \n--OR--\n\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\n\n\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71370 https://www.ibm.com/support/pages/node/7276399 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix that resolves PH71370 https://www.ibm.com/support/pages/node/7276399 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-9320",
"datePublished": "2026-06-22T14:53:36.057Z",
"dateReserved": "2026-05-22T20:33:33.213Z",
"dateUpdated": "2026-06-22T16:05:22.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4923 (GCVE-0-2026-4923)
Vulnerability from cvelistv5 – Published: 2026-03-26 19:02 – Updated: 2026-03-27 13:58
VLAI?
EPSS
Title
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Summary
Impact:
When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.
Unsafe examples:
/*foo-*bar-:baz
/*a-:b-*c-:d
/x/*a-:b/*c/y
Safe examples:
/*foo-:bar
/*foo-:bar-*baz
Patches:
Upgrade to version 8.4.0.
Workarounds:
If you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.
Severity ?
5.9 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| path-to-regexp | path-to-regexp |
Affected:
8.0.0 , < 8.4.0
(semver)
Unaffected: 8.4.0 (semver) |
Credits
blakeembrey
UlisesGascon
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:46:47.360477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:58:03.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/path-to-regexp",
"product": "path-to-regexp",
"vendor": "path-to-regexp",
"versions": [
{
"lessThan": "8.4.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "blakeembrey"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "UlisesGascon"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
}
],
"value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:02:00.729Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-4923",
"datePublished": "2026-03-26T19:02:00.729Z",
"dateReserved": "2026-03-26T18:05:44.717Z",
"dateUpdated": "2026-03-27T13:58:03.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22029 (GCVE-0-2026-22029)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:42 – Updated: 2026-06-30 12:06
VLAI?
EPSS
Title
React Router vulnerable to XSS via Open Redirects
Summary
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| remix-run | react-router |
Affected:
>= 7.0.0, < 7.12.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T04:55:53.265498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:50.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.26::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:0"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:7"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "unaffected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:kueue_operator:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Kueue",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-10T02:42:32.736Z",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:07.069Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"name": "RHBZ#2428412",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22029.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3959"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3958"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5633"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8229"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2572"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13548"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3960"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3782"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21658"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20042"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2147"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2148"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2149"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26420"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26413"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9848"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:3959: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:3958: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:5633: Red Hat Advanced Cluster Management for Kubernetes 2.12"
},
{
"lang": "en",
"value": "RHSA-2026:8229: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:2572: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:1517: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:2350: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:2568: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:2694: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:3782: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:2456: Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"lang": "en",
"value": "RHSA-2026:2147: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:2148: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:2149: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:26420: Red Hat Openshift Data Foundation 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:26413: Red Hat Openshift Data Foundation 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:3087: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:13542: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:9848: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5636: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:8218: multicluster engine for Kubernetes 2.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-10T04:01:03.694Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-10T02:42:32.736Z",
"value": "Made public."
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "react-router",
"vendor": "remix-run",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.12.0"
}
]
},
{
"product": "@remix-run/router",
"vendor": "remix-run",
"versions": [
{
"status": "affected",
"version": "\u003c 1.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:58:42.516Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"source": {
"advisory": "GHSA-2w69-qvjg-hvjx",
"discovery": "UNKNOWN"
},
"title": "React Router vulnerable to XSS via Open Redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22029",
"datePublished": "2026-01-10T02:42:32.736Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-06-30T12:06:07.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25755 (GCVE-0-2026-25755)
Vulnerability from cvelistv5 – Published: 2026-02-19 14:41 – Updated: 2026-06-30 12:06
VLAI?
EPSS
Title
jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method.
Severity ?
8.1 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:07:08.992065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:36:10.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-19T14:41:46.941Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structure, resulting in arbitrary code execution when a user opens a PDF with a viewer that supports embedded scripts."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:31.476Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-25755"
},
{
"name": "RHBZ#2440993",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440993"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25755.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7128"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-19T15:01:21.761Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-19T14:41:46.941Z",
"value": "Made public."
}
],
"title": "jsPDF: PDF object injection via unsanitized input in addJS method",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, sanitize the user-provided JavaScript code before passing it to the addJS method by strictly escaping backslashes and parentheses. Additionally, do not open PDF documents from untrusted sources."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T15:26:05.745Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp"
},
{
"name": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"
},
{
"name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
}
],
"source": {
"advisory": "GHSA-9vjf-qc39-jprp",
"discovery": "UNKNOWN"
},
"title": "jsPDF has PDF Object Injection via Unsanitized Input in addJS Method"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25755",
"datePublished": "2026-02-19T14:41:46.941Z",
"dateReserved": "2026-02-05T18:35:52.357Z",
"dateUpdated": "2026-06-30T12:06:31.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3572 (GCVE-0-2021-3572)
Vulnerability from cvelistv5 – Published: 2021-11-10 17:55 – Updated: 2024-08-03 17:01
VLAI?
EPSS
Summary
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | python-pip |
Affected:
fixed in python-pip 21.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python-pip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fixed in python-pip 21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:29.286Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3572",
"datePublished": "2021-11-10T17:55:47.000Z",
"dateReserved": "2021-06-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:08.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29869 (GCVE-0-2024-29869)
Vulnerability from cvelistv5 – Published: 2025-01-28 21:31 – Updated: 2025-01-29 14:26
VLAI?
EPSS
Title
Apache Hive: Credentials file created with non restrictive permissions
Summary
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Affected:
1.1.0 , < 4.0.1
(semver)
|
Credits
Andrea Cosentino
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-28T23:02:36.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/28/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:24:47.416197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T14:26:24.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.hive:hive-exec",
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Cosentino"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file.\u0026nbsp;Users are recommended to upgrade to version 4.0.1, which fixes this issue.\u003cbr\u003e"
}
],
"value": "Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file.\u00a0Users are recommended to upgrade to version 4.0.1, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T21:31:43.422Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/apache/hive"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620"
},
{
"tags": [
"issue-tracking"
],
"url": "https://issues.apache.org/jira/browse/HIVE-28134"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6"
}
],
"source": {
"defect": [
"HIVE-28134"
],
"discovery": "UNKNOWN"
},
"title": "Apache Hive: Credentials file created with non restrictive permissions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29869",
"datePublished": "2025-01-28T21:31:43.422Z",
"dateReserved": "2024-03-21T10:17:30.548Z",
"dateUpdated": "2025-01-29T14:26:24.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-9006 (GCVE-0-2026-9006)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:46 – Updated: 2026-06-24 03:56
VLAI?
EPSS
Title
IBM WebSphere Application Server is affected by server-side request forgery
Summary
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
Severity ?
7.4 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0 , ≤ 7.0.2 Interim Fix 035
(semver)
Affected: 8.5.0 , ≤ 7.0.3 Interim Fix 017 (semver) cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T03:56:08.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:46:47.768Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276600"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276400\" rel=\"nofollow\"\u003ePH71556\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276400\" rel=\"nofollow\"\u003ePH71556\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by server-side request forgery",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-9006",
"datePublished": "2026-06-22T14:46:47.768Z",
"dateReserved": "2026-05-19T13:59:27.241Z",
"dateUpdated": "2026-06-24T03:56:08.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4926 (GCVE-0-2026-4926)
Vulnerability from cvelistv5 – Published: 2026-03-26 18:59 – Updated: 2026-06-30 12:10
VLAI?
EPSS
Title
path-to-regexp vulnerable to Denial of Service via sequential optional groups
Summary
Impact:
A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.
Patches:
Fixed in version 8.4.0.
Workarounds:
Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| path-to-regexp | path-to-regexp |
Affected:
8.0.0 , < 8.4.0
(semver)
Unaffected: 8.4.0 (semver) |
Credits
uug4na
blakeembrey
UlisesGascon
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T19:44:44.790485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:44:53.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization 2.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Virtualization 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "unaffected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "unaffected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-26T18:59:38.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:10:34.415Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-4926"
},
{
"name": "RHBZ#2451867",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4926.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17789"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19409"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19410"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24866"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10172"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10153"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1"
},
{
"lang": "en",
"value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9"
},
{
"lang": "en",
"value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-26T20:03:28.427Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-26T18:59:38.000Z",
"value": "Made public."
}
],
"title": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, limit the use of multiple sequential optional groups in route patterns within applications that use `path-to-regexp`. Additionally, avoid directly passing user-controlled input as route patterns to prevent the generation of maliciously crafted regular expressions."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/path-to-regexp",
"product": "path-to-regexp",
"vendor": "path-to-regexp",
"versions": [
{
"lessThan": "8.4.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "uug4na"
},
{
"lang": "en",
"type": "remediation developer",
"value": "blakeembrey"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "UlisesGascon"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns."
}
],
"value": "Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:59:38.000Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-4926",
"datePublished": "2026-03-26T18:59:38.000Z",
"dateReserved": "2026-03-26T18:36:49.229Z",
"dateUpdated": "2026-06-30T12:10:34.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25535 (GCVE-0-2026-25535)
Vulnerability from cvelistv5 – Published: 2026-02-19 14:34 – Updated: 2026-06-30 12:06
VLAI?
EPSS
Title
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T16:03:04.920714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T16:03:26.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-19T14:34:05.648Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:34.040Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-25535"
},
{
"name": "RHBZ#2440992",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25535.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7128"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-19T15:01:17.455Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-19T14:34:05.648Z",
"value": "Made public."
}
],
"title": "jsPDF: denial of service via malicious GIF dimensions",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage or html methods, making sure that the width and height header values do not exceed safe and predefined limits."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T14:34:05.648Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"
},
{
"name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"
},
{
"name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
}
],
"source": {
"advisory": "GHSA-67pg-wm7f-q7fj",
"discovery": "UNKNOWN"
},
"title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25535",
"datePublished": "2026-02-19T14:34:05.648Z",
"dateReserved": "2026-02-02T19:59:47.374Z",
"dateUpdated": "2026-06-30T12:06:34.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11594 (GCVE-0-2026-11594)
Vulnerability from cvelistv5 – Published: 2026-06-30 20:50 – Updated: 2026-07-01 14:29
VLAI?
EPSS
Title
IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities
Summary
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.
Severity ?
8.5 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0
Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:49:02.894633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:29:19.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T20:50:34.772Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277546"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71757.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277464\" rel=\"nofollow\"\u003ePH71757\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277464\" rel=\"nofollow\"\u003ePH71757\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71757.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71757 https://www.ibm.com/support/pages/node/7277464 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71757 https://www.ibm.com/support/pages/node/7277464 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11594",
"datePublished": "2026-06-30T20:50:34.772Z",
"dateReserved": "2026-06-08T14:06:40.450Z",
"dateUpdated": "2026-07-01T14:29:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42033 (GCVE-0-2026-42033)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:36 – Updated: 2026-07-01 12:04
VLAI?
EPSS
Title
Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining access to request credentials, headers, and body. The precondition is prototype pollution from a separate source in the same process. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
7.4 (High)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42033",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T03:55:57.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8.6.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Migration Toolkit 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-24T17:36:44.132Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:58.044Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"name": "RHBZ#2461607",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42033.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25273"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22619"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26232"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24536"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25271"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19109"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:22619: Red Hat Data Grid 8.6.1"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:26234: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:14937: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25041: Red Hat Migration Toolkit 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26232: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26225: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:25271: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:17657: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:17699: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T18:01:20.937Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-24T17:36:44.132Z",
"value": "Made public."
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining access to request credentials, headers, and body. The precondition is prototype pollution from a separate source in the same process. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:36:44.132Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"source": {
"advisory": "GHSA-pf86-5x62-jrwf",
"discovery": "UNKNOWN"
},
"title": "Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42033",
"datePublished": "2026-04-24T17:36:44.132Z",
"dateReserved": "2026-04-23T16:05:01.708Z",
"dateUpdated": "2026-07-01T12:04:58.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24040 (GCVE-0-2026-24040)
Vulnerability from cvelistv5 – Published: 2026-02-02 20:38 – Updated: 2026-02-03 15:30
VLAI?
EPSS
Title
jsPDF has a Shared State Race Condition in addJS Plugin
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:29:49.991694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:30:05.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T20:38:24.732Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4"
},
{
"name": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
}
],
"source": {
"advisory": "GHSA-cjw8-79x6-5cj4",
"discovery": "UNKNOWN"
},
"title": "jsPDF has a Shared State Race Condition in addJS Plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24040",
"datePublished": "2026-02-02T20:38:24.732Z",
"dateReserved": "2026-01-20T22:30:11.777Z",
"dateUpdated": "2026-02-03T15:30:05.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44431 (GCVE-0-2026-44431)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:20 – Updated: 2026-06-26 11:01
VLAI?
EPSS
Title
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Summary
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T16:51:26.677054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:17:07.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-26T11:01:19.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.23, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:20:24.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"source": {
"advisory": "GHSA-qccp-gfcp-xxvc",
"discovery": "UNKNOWN"
},
"title": "urllib3: Sensitive headers forwarded across origins in proxied low-level redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44431",
"datePublished": "2026-05-13T15:20:24.588Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-06-26T11:01:19.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11541 (GCVE-0-2026-11541)
Vulnerability from cvelistv5 – Published: 2026-06-30 20:56 – Updated: 2026-07-01 14:52
VLAI?
EPSS
Title
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
Summary
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
Severity ?
7.4 (High)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0
Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T14:52:04.153923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:52:15.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "8.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.6",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T20:56:04.135Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277550"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706.\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277460\" rel=\"nofollow\"\u003ePH71808\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277463\" rel=\"nofollow\"\u003ePH71706\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.30:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277463\" rel=\"nofollow\"\u003ePH71706\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706.\u00a0\n\n\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6:\n\n\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71808 https://www.ibm.com/support/pages/node/7277460 \n--OR--\n\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\n\n\n\n\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71706 https://www.ibm.com/support/pages/node/7277463 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.30:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71706 https://www.ibm.com/support/pages/node/7277463 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11541",
"datePublished": "2026-06-30T20:56:04.135Z",
"dateReserved": "2026-06-08T02:55:08.653Z",
"dateUpdated": "2026-07-01T14:52:15.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6052 (GCVE-0-2026-6052)
Vulnerability from cvelistv5 – Published: 2026-05-27 13:09 – Updated: 2026-05-27 15:22
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T15:21:52.352065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:22:19.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:09:29.770Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273557"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BcEr/dt465726\" rel=\"nofollow\"\u003eDT465726\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BcEr/dt465726\" rel=\"nofollow\"\u003eDT465726\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to running out of memory when executing certain queries with MDC tables",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDo not use Multi-Clustering-Dimensional (MDC) tables\u003c/p\u003e"
}
],
"value": "Do not use Multi-Clustering-Dimensional (MDC) tables"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-6052",
"datePublished": "2026-05-27T13:09:29.770Z",
"dateReserved": "2026-04-09T22:08:53.174Z",
"dateUpdated": "2026-05-27T15:22:19.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24737 (GCVE-0-2026-24737)
Vulnerability from cvelistv5 – Published: 2026-02-02 20:29 – Updated: 2026-06-30 12:06
VLAI?
EPSS
Title
jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.
Severity ?
8.1 (High)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:07:06.608038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:07:51.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-02T20:29:05.011Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker could exploit this vulnerability by providing unsanitized input to specific methods within the Acroform module, such as AcroformChoiceField.addOption or AcroFormCheckBox.appearanceState. This allows the attacker to inject arbitrary PDF objects, including JavaScript actions, which are then executed when a victim opens the crafted PDF document, leading to arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:37.757Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-24737"
},
{
"name": "RHBZ#2436115",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436115"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24737.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4466"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4467"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T00:01:51.004Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-02T20:29:05.011Z",
"value": "Made public."
}
],
"title": "jsPDF: jsPDF: Arbitrary code execution via unsanitized input in Acroform module",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, avoid processing untrusted or unverified PDF documents with applications utilizing the jsPDF library. Ensure that any input provided to jsPDF\u0027s AcroForm methods and properties is properly sanitized to prevent the injection of arbitrary PDF objects and JavaScript actions. This operational control reduces the risk of arbitrary JavaScript execution."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T20:29:05.011Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328"
},
{
"name": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
}
],
"source": {
"advisory": "GHSA-pqxr-3g65-p328",
"discovery": "UNKNOWN"
},
"title": "jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24737",
"datePublished": "2026-02-02T20:29:05.011Z",
"dateReserved": "2026-01-26T19:06:16.059Z",
"dateUpdated": "2026-06-30T12:06:37.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33532 (GCVE-0-2026-33532)
Vulnerability from cvelistv5 – Published: 2026-03-26 19:49 – Updated: 2026-03-30 11:26
VLAI?
EPSS
Title
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Summary
`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.
Severity ?
4.3 (Medium)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T11:26:14.745560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:26:26.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "yaml",
"vendor": "eemeli",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.8.3"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2\u201310 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application\u0027s exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000\u20135,000 levels of nesting (2\u201310 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library\u0027s `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:49:03.842Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp"
},
{
"name": "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b"
},
{
"name": "https://github.com/eemeli/yaml/releases/tag/v1.10.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eemeli/yaml/releases/tag/v1.10.3"
},
{
"name": "https://github.com/eemeli/yaml/releases/tag/v2.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eemeli/yaml/releases/tag/v2.8.3"
}
],
"source": {
"advisory": "GHSA-48c2-rrv3-qjmp",
"discovery": "UNKNOWN"
},
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33532",
"datePublished": "2026-03-26T19:49:03.842Z",
"dateReserved": "2026-03-20T18:05:11.830Z",
"dateUpdated": "2026-03-30T11:26:26.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11714 (GCVE-0-2026-11714)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:44 – Updated: 2026-07-01 14:29
VLAI?
EPSS
Title
IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability
Summary
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
Severity ?
8.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server - Liberty |
Affected:
17.0.0.3 , ≤ 26.0.0.7
(semver)
cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:50:11.276000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:29:56.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.7:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.7",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:44:49.769Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278580"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71873. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to \u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u00a0\u003cbr/\u003e\u003cbr/\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.7 using the apiDiscovery-1.0 feature:\u00a0\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7278406\" rel=\"nofollow\"\u003ePH71873\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Liberty Fix Pack 26.0.0.8 or later (targeted availability 3Q2026).\u00a0\u003cbr/\u003e\u003cbr/\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71873. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.7 using the apiDiscovery-1.0 feature:\u00a0\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71873 https://www.ibm.com/support/pages/node/7278406 \n--OR--\n\u00b7 Apply Liberty Fix Pack 26.0.0.8 or later (targeted availability 3Q2026).\u00a0\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-11714",
"datePublished": "2026-06-30T19:44:49.769Z",
"dateReserved": "2026-06-09T00:14:50.812Z",
"dateUpdated": "2026-07-01T14:29:56.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42037 (GCVE-0-2026-42037)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:58 – Updated: 2026-04-27 17:37
VLAI?
EPSS
Title
Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
Summary
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF (\r\n) sequences. An attacker who controls the .type property of a Blob/File-like object (e.g., via a user-uploaded file in a Node.js proxy service) can inject arbitrary MIME part headers into the multipart form-data body. This bypasses Node.js v18+ built-in header protections because the injection targets the multipart body structure, not HTTP request headers. This vulnerability is fixed in 1.15.1.
Severity ?
5.3 (Medium)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42037",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T17:36:52.038565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T17:37:06.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF (\\r\\n) sequences. An attacker who controls the .type property of a Blob/File-like object (e.g., via a user-uploaded file in a Node.js proxy service) can inject arbitrary MIME part headers into the multipart form-data body. This bypasses Node.js v18+ built-in header protections because the injection targets the multipart body structure, not HTTP request headers. This vulnerability is fixed in 1.15.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:58:16.058Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77"
}
],
"source": {
"advisory": "GHSA-445q-vr5w-6q77",
"discovery": "UNKNOWN"
},
"title": "Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42037",
"datePublished": "2026-04-24T17:58:16.058Z",
"dateReserved": "2026-04-23T16:05:01.708Z",
"dateUpdated": "2026-04-27T17:37:06.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6053 (GCVE-0-2026-6053)
Vulnerability from cvelistv5 – Published: 2026-05-27 13:10 – Updated: 2026-05-29 15:32
VLAI?
EPSS
Title
IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
Severity ?
5.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T15:32:03.289212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:32:13.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:10:05.402Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273556"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BUkL/dt465436\" rel=\"nofollow\"\u003eDT465436\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BUkL/dt465436\" rel=\"nofollow\"\u003eDT465436\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTurn off intra-parallelism. Ensure sufficient memory available in the application heap to avoid memory allocation from failing.\u003c/p\u003e"
}
],
"value": "Turn off intra-parallelism. Ensure sufficient memory available in the application heap to avoid memory allocation from failing."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-6053",
"datePublished": "2026-05-27T13:10:05.402Z",
"dateReserved": "2026-04-09T22:16:06.393Z",
"dateUpdated": "2026-05-29T15:32:13.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33750 (GCVE-0-2026-33750)
Vulnerability from cvelistv5 – Published: 2026-03-27 14:04 – Updated: 2026-03-27 14:48
VLAI?
EPSS
Title
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Summary
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| juliangruber | brace-expansion |
Affected:
>= 4.0.0, < 5.0.5
Affected: >= 3.0.0, < 3.0.2 Affected: >= 2.0.0, < 2.0.3 Affected: < 1.1.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T14:47:58.490818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:48:06.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "brace-expansion",
"vendor": "juliangruber",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 5.0.5"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.2"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"status": "affected",
"version": "\u003c 1.1.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:04:52.297Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v"
},
{
"name": "https://github.com/juliangruber/brace-expansion/issues/98",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/issues/98"
},
{
"name": "https://github.com/juliangruber/brace-expansion/pull/95",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/pull/95"
},
{
"name": "https://github.com/juliangruber/brace-expansion/pull/96",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/pull/96"
},
{
"name": "https://github.com/juliangruber/brace-expansion/pull/97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/pull/97"
},
{
"name": "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5"
},
{
"name": "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"
},
{
"name": "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a"
},
{
"name": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113"
},
{
"name": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184"
}
],
"source": {
"advisory": "GHSA-f886-m6hf-6m8v",
"discovery": "UNKNOWN"
},
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33750",
"datePublished": "2026-03-27T14:04:52.297Z",
"dateReserved": "2026-03-23T18:30:14.124Z",
"dateUpdated": "2026-03-27T14:48:06.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7246 (GCVE-0-2026-7246)
Vulnerability from cvelistv5 – Published: 2026-04-30 13:16 – Updated: 2026-06-30 03:20
VLAI?
EPSS
Title
Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Summary
Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pallets Click | Click |
Affected:
0 , < 8.3.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7246",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:39:25.058670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:40:48.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-30T13:16:44.050Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit() function, allows an attacker with an unprivileged account to execute arbitrary operating system (OS) commands. This could lead to unauthorized control over the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:20:49.760Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-7246"
},
{
"name": "RHBZ#2464121",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464121"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7246.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T14:00:58.850Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-30T13:16:44.050Z",
"value": "Made public."
}
],
"title": "github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit()",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "Click",
"vendor": "Pallets Click",
"versions": [
{
"lessThan": "8.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T16:41:32.372Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/pallets/click/releases/tag/8.3.3"
},
{
"url": "https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pallets Click contains a command injection via Unsanitized Filename \"click.edit()\"",
"x_generator": {
"engine": "VINCE 3.0.39",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-7246"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-7246",
"datePublished": "2026-04-30T13:16:44.050Z",
"dateReserved": "2026-04-27T17:37:48.878Z",
"dateUpdated": "2026-06-30T03:20:49.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2950 (GCVE-0-2026-2950)
Vulnerability from cvelistv5 – Published: 2026-03-31 19:18 – Updated: 2026-04-01 13:43
VLAI?
EPSS
Title
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
Summary
Impact:
Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.
The issue permits deletion of prototype properties but does not allow overwriting their original behavior.
Patches:
This issue is patched in 4.18.0.
Workarounds:
None. Upgrade to the patched version.
Severity ?
6.5 (Medium)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| lodash | lodash |
Affected:
4.17.23 , < 4.18.0
(semver)
Unaffected: 4.18.0 (semver) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
Haruna38
shpik-kr
maru1009
ott3r07
zolbooo
backuardo
falsyvalues
jonchurch
jdalton
UlisesGascon
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:43:14.280375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:43:21.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash",
"product": "lodash",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.17.23",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash-es",
"product": "lodash-es",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.17.23",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash-amd",
"product": "lodash-amd",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.17.23",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/lodash.unset",
"product": "lodash.unset",
"vendor": "lodash",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.18.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Haruna38"
},
{
"lang": "en",
"type": "finder",
"value": "shpik-kr"
},
{
"lang": "en",
"type": "finder",
"value": "maru1009"
},
{
"lang": "en",
"type": "finder",
"value": "ott3r07"
},
{
"lang": "en",
"type": "finder",
"value": "zolbooo"
},
{
"lang": "en",
"type": "finder",
"value": "backuardo"
},
{
"lang": "en",
"type": "remediation developer",
"value": "falsyvalues"
},
{
"lang": "en",
"type": "remediation developer",
"value": "jonchurch"
},
{
"lang": "en",
"type": "analyst",
"value": "jdalton"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "UlisesGascon"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version."
}
],
"value": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:18:35.796Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-2950",
"datePublished": "2026-03-31T19:18:35.796Z",
"dateReserved": "2026-02-21T20:04:35.087Z",
"dateUpdated": "2026-04-01T13:43:21.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27904 (GCVE-0-2026-27904)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:07 – Updated: 2026-02-26 19:21
VLAI?
EPSS
Title
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
Summary
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.
Severity ?
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27904",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:21:18.964387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:21:39.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "minimatch",
"vendor": "isaacs",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.2.3"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.0.7"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.6"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.4.8"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.2.2"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.8"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.2.5"
},
{
"status": "affected",
"version": "\u003c 3.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:07:42.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"source": {
"advisory": "GHSA-23c5-xmqv-rm74",
"discovery": "UNKNOWN"
},
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27904",
"datePublished": "2026-02-26T01:07:42.693Z",
"dateReserved": "2026-02-24T15:19:29.718Z",
"dateUpdated": "2026-02-26T19:21:39.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58181 (GCVE-0-2025-58181)
Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:14
VLAI?
EPSS
Title
Unbounded memory consumption in golang.org/x/crypto/ssh
Summary
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| golang.org/x/crypto | golang.org/x/crypto/ssh |
Affected:
0 , < 0.45.0
(semver)
|
Credits
Jakub Ciolek
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:49:06.918113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:49:26.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh",
"product": "golang.org/x/crypto/ssh",
"programRoutines": [
{
"name": "parseGSSAPIPayload"
},
{
"name": "NewServerConn"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.45.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:14:59.856Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"url": "https://go.dev/cl/721961"
},
{
"url": "https://go.dev/issue/76363"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"title": "Unbounded memory consumption in golang.org/x/crypto/ssh"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-58181",
"datePublished": "2025-11-19T20:33:42.795Z",
"dateReserved": "2025-08-27T14:50:58.691Z",
"dateUpdated": "2025-11-20T17:14:59.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42264 (GCVE-0-2026-42264)
Vulnerability from cvelistv5 – Published: 2026-05-08 03:20 – Updated: 2026-07-03 12:04
VLAI?
EPSS
Title
Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking
Summary
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request. This issue has been patched in version 1.15.2.
Severity ?
7.4 (High)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42264",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T03:55:55.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_profile_analyzer:2"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Profile Analyzer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unknown",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_spring_boot:4"
],
"defaultStatus": "unknown",
"product": "Red Hat build of Apache Camel for Spring Boot 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "unknown",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-08T03:20:24.248Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into core JavaScript objects. When another component in the same application environment is compromised and pollutes the system\u0027s object prototype, Axios can unknowingly use these manipulated values in its outbound network requests. This could lead to the disclosure of sensitive information or the alteration of network communications, compromising data confidentiality and integrity."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:04:55.635Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42264"
},
{
"name": "RHBZ#2467927",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467927"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42264.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20938"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20938: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-08T04:02:21.039Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-08T03:20:24.248Z",
"value": "Made public."
}
],
"title": "axios: Axios: Prototype pollution allows information disclosure and request manipulation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request. This issue has been patched in version 1.15.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T03:20:24.248Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
},
{
"name": "https://github.com/axios/axios/pull/10779",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/10779"
},
{
"name": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.15.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.15.2"
}
],
"source": {
"advisory": "GHSA-q8qp-cvcw-x6jj",
"discovery": "UNKNOWN"
},
"title": "Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42264",
"datePublished": "2026-05-08T03:20:24.248Z",
"dateReserved": "2026-04-26T11:53:27.706Z",
"dateUpdated": "2026-07-03T12:04:55.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3676 (GCVE-0-2026-3676)
Vulnerability from cvelistv5 – Published: 2026-05-27 12:48 – Updated: 2026-05-27 14:38
VLAI?
EPSS
Title
There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.
Severity ?
6.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Cloud APM, Base Private |
Affected:
8.1.4 , ≤ ) Interim Fix 021
(semver)
cpe:2.3:a:ibm:cloud_apm_base_private:8.1.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:34:24.394252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:38:08.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_apm_base_private:8.1.4:*:*:*:*:*:*:*"
],
"product": "Cloud APM, Base Private",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": ") Interim Fix 021",
"status": "affected",
"version": "8.1.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cloud_apm_advanced_private:8.1.4:*:*:*:*:*:*:*"
],
"product": "Cloud APM, Advanced Private",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.\u003c/p\u003e"
}
],
"value": "IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:48:42.947Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273649"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vulnerabilities can be remediated by first applying the necessary fixes to your DB2 V11.5 server. The fixes can be accessed from the following security bulletins:\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-denial-service-specially-crafted-query-when-stmtheap-set-automatic-cve-2025-36122\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic (CVE-2025-36122)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-denial-service-when-fetching-certain-tables-under-specific-configurations-cve-2025-14688\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is vulnerable to a denial of service when fetching from certain tables under specific configurations (CVE-2025-14688)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin:\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-affected-vulnerability-netty-codec-http-41127-cve-2025-67735\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/node/7257695\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-trap-or-return-sqlcode-901-when-compiling-specially-crafted-query-defined-index-cve-2026-1352\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-denial-service-specially-crafted-query-involving-multiple-subqueries-cve-2026-1577\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eTo use your updated DB2 V11.5 server with your IBM Cloud Application Performance Management product, apply the 8.1.4.0-IBM-APM-SERVER-IF0004 or later server patch to the system where the Cloud APM server is installed. Interim fixes for the Cloud APM server version 8.1.4 are available to download from IBM Fix Central at this link:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Application+Performance+Management\u0026amp;fixids=8.1.4.0-IBM-APM-SERVER-IF0019\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Performance%20Management%20family\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Application+Performance+Management\u0026amp;fixids=8.1.4.0-IBM-APM-SERVER-IF0019\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Performance%20Management%20family\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The vulnerabilities can be remediated by first applying the necessary fixes to your DB2 V11.5 server. The fixes can be accessed from the following security bulletins:\n\n\n\nSecurity Bulletin: https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Application+Performance+Management\u0026fixids=8.1.4.0-IBM-APM-SERVER-IF0019\u0026source=SAR\u0026function=fixId\u0026parent=IBM%20Performance%20Management%20family"
}
],
"title": "There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-3676",
"datePublished": "2026-05-27T12:48:42.947Z",
"dateReserved": "2026-03-06T21:17:59.734Z",
"dateUpdated": "2026-05-27T14:38:08.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42042 (GCVE-0-2026-42042)
Vulnerability from cvelistv5 – Published: 2026-04-24 18:03 – Updated: 2026-04-27 17:35
VLAI?
EPSS
Title
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. This vulnerability is fixed in 1.15.1 and 0.31.1.
Severity ?
5.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42042",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T17:35:32.406605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T17:35:41.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.15.1"
},
{
"status": "affected",
"version": "\u003c 0.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library\u0027s XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. This vulnerability is fixed in 1.15.1 and 0.31.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-183",
"description": "CWE-183: Permissive List of Allowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:03:29.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c"
}
],
"source": {
"advisory": "GHSA-xx6v-rp6x-q39c",
"discovery": "UNKNOWN"
},
"title": "Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42042",
"datePublished": "2026-04-24T18:03:29.924Z",
"dateReserved": "2026-04-23T16:05:01.709Z",
"dateUpdated": "2026-04-27T17:35:41.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13772 (GCVE-0-2026-13772)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:21 – Updated: 2026-07-03 03:56
VLAI?
EPSS
Title
IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
Summary
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries
Severity ?
7.5 (High)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Extreme Scale |
Affected:
8.6.1.0 , ≤ 8.6.1.6
(semver)
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:12.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:*"
],
"product": "WebSphere Extreme Scale",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.6.1.6",
"status": "affected",
"version": "8.6.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 \u0027s Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries\u003c/p\u003e"
}
],
"value": "IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 \u0027s Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:21:43.212Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278593"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf eXtreme Scale is being used as a Session Cache (Session Grid), this vulnerability is not applicable. In a Session Grid deployment, applications typically use eXtreme Scale only to store and retrieve HTTP session data and do not create or execute Object Query Language (OQL) queries against the session data. As a result, the vulnerable OQL functionality is not exercised.\u003cbr/\u003eIf eXtreme Scale is being used as a Simple Grid and the application executes OQL queries, the risk can be mitigated through application code changes. Recommended mitigation strategies include:\u003cbr/\u003e1. Never concatenate user-supplied input directly into OQL statements. Use query parameters wherever possible.\u003cbr/\u003e2. Restrict dynamically specified class names to a predefined allow list of approved classes.\u003cbr/\u003e3. Do not allow end users to construct or modify OQL query syntax.\u003cbr/\u003e4. Avoid dynamically loading comparator classes or using reflection-based sorting based on user input.\u003cbr/\u003e5. Validate and sanitize all user-supplied values before they are used to construct OQL queries.\u003cbr/\u003eThese mitigations help prevent untrusted input from influencing OQL execution and eliminate the attack paths associated with this vulnerability.\u003c/p\u003e"
}
],
"value": "If eXtreme Scale is being used as a Session Cache (Session Grid), this vulnerability is not applicable. In a Session Grid deployment, applications typically use eXtreme Scale only to store and retrieve HTTP session data and do not create or execute Object Query Language (OQL) queries against the session data. As a result, the vulnerable OQL functionality is not exercised.If eXtreme Scale is being used as a Simple Grid and the application executes OQL queries, the risk can be mitigated through application code changes. Recommended mitigation strategies include:1. Never concatenate user-supplied input directly into OQL statements. Use query parameters wherever possible.2. Restrict dynamically specified class names to a predefined allow list of approved classes.3. Do not allow end users to construct or modify OQL query syntax.4. Avoid dynamically loading comparator classes or using reflection-based sorting based on user input.5. Validate and sanitize all user-supplied values before they are used to construct OQL queries.These mitigations help prevent untrusted input from influencing OQL execution and eliminate the attack paths associated with this vulnerability."
}
],
"title": "IBM WebSphere eXtreme Scale\u0027s OQL is affected by remote code execution",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-13772",
"datePublished": "2026-06-30T19:21:43.212Z",
"dateReserved": "2026-06-29T21:47:01.091Z",
"dateUpdated": "2026-07-03T03:56:12.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50645 (GCVE-0-2026-50645)
Vulnerability from cvelistv5 – Published: 2026-06-12 09:06 – Updated: 2026-06-12 13:43
VLAI?
EPSS
Title
Apache CXF: No restriction on attachment headers per message
Summary
There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by imposing a maximum default of 500 attachments per message.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
4.2.0 , < 4.2.2
(semver)
Affected: 0 , < 4.1.7 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-12T09:28:15.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/11/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-50645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T13:43:22.491534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T13:43:27.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf:cxf-core",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack.\u0026nbsp;Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by imposing a maximum default of 500 attachments per message.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack.\u00a0Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by imposing a maximum default of 500 attachments per message."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T09:06:54.819Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/24zb7cqcvykhwm0j797dmdq25s61mj93"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: No restriction on attachment headers per message",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-50645",
"datePublished": "2026-06-12T09:06:54.819Z",
"dateReserved": "2026-06-05T14:05:01.499Z",
"dateUpdated": "2026-06-12T13:43:27.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10852 (GCVE-0-2026-10852)
Vulnerability from cvelistv5 – Published: 2026-06-22 19:32 – Updated: 2026-06-24 16:51
VLAI?
EPSS
Title
Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty
Summary
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Severity ?
5.9 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | i |
Affected:
7.6
Affected: 7.5 Affected: 7.4 Affected: 7.3 cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:51:31.975238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:06:39.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T16:51:02.178Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277344"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now.\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eIBM i Release\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e5770-SS1 Option 3\u003cbr/\u003ePTF Number(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePTF Download Link(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e7.6\u003c/td\u003e\u003ctd\u003eSJ10122\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.5\u003c/td\u003e\u003ctd\u003eSJ10121\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.4\u003c/td\u003e\u003ctd\u003eSJ10120\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.3\u003c/td\u003e\u003ctd\u003eSJ10119\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now.\n\nIBM i Release5770-SS1 Option 3\nPTF Number(s)PTF Download Link(s)7.6SJ10122 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122 7.5SJ10121 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121 7.4SJ10120 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120 7.3SJ10119 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119 \n\n\n\nIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-10852",
"datePublished": "2026-06-22T19:32:28.668Z",
"dateReserved": "2026-06-04T12:38:07.335Z",
"dateUpdated": "2026-06-24T16:51:02.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…