VulnerableCode Package Details - pkg:rpm/redhat/osbuild-composer@46.3-5?arch=el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/osbuild-composer@46.3-5?arch=el8_6

purl	pkg:rpm/redhat/osbuild-composer@46.3-5?arch=el8_6

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-bq3a-psx3-5kh8 Aliases: CVE-2025-65637 GHSA-4f99-4q7p-p3gh	Logrus is vulnerable to DoS when using Entry.Writer() A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:38:47.236120+00:00	RedHat Importer	Affected by	VCID-bq3a-psx3-5kh8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65637.json	38.4.0
2026-04-08T19:21:02.693397+00:00	RedHat Importer	Affected by	VCID-bq3a-psx3-5kh8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65637.json	38.1.0
2026-04-01T13:34:18.841298+00:00	RedHat Importer	Affected by	VCID-bq3a-psx3-5kh8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65637.json	38.0.0