{"url":"http://public2.vulnerablecode.io/api/packages/89651?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.8?arch=3-10","type":"rpm","namespace":"redhat","name":"multicluster-engine-cluster-proxy-addon","version":"container-v2.8","qualifiers":{"arch":"3-10"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29826?format=json","vulnerability_id":"VCID-4pq8-1dxx-37gj","summary":"form-data uses unsafe random function in form-data for choosing boundary\n### Summary\n\nform-data uses `Math.random()` to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker:\n1. can observe other values produced by Math.random in the target application, and\n2. can control one field of a request made using form-data\n\nBecause the values of Math.random() are pseudo-random and predictable (see: https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f), an attacker who can observe a few sequential values can determine the state of the PRNG and predict future values, includes those used to generate form-data's boundary value. The allows the attacker to craft a value that contains a boundary value, allowing them to inject additional parameters into the request.\n\nThis is largely the same vulnerability as was [recently found in `undici`](https://hackerone.com/reports/2913312) by [`parrot409`](https://hackerone.com/parrot409?type=user) -- I'm not affiliated with that researcher but want to give credit where credit is due! My PoC is largely based on their work.\n\n### Details\n\nThe culprit is this line here: https://github.com/form-data/form-data/blob/426ba9ac440f95d1998dac9a5cd8d738043b048f/lib/form_data.js#L347\n\nAn attacker who is able to predict the output of Math.random() can predict this boundary value, and craft a payload that contains the boundary value, followed by another, fully attacker-controlled field. This is roughly equivalent to any sort of improper escaping vulnerability, with the caveat that the attacker must find a way to observe other Math.random() values generated by the application to solve for the state of the PRNG. However, Math.random() is used in all sorts of places that might be visible to an attacker (including by form-data itself, if the attacker can arrange for the vulnerable application to make a request to an attacker-controlled server using form-data, such as a user-controlled webhook -- the attacker could observe the boundary values from those requests to observe the Math.random() outputs). A common example would be a `x-request-id` header added by the server. These sorts of headers are often used for distributed tracing, to correlate errors across the frontend and backend. `Math.random()` is a fine place to get these sorts of IDs (in fact, [opentelemetry uses Math.random for this purpose](https://github.com/open-telemetry/opentelemetry-js/blob/2053f0d3a44631ade77ea04f656056a2c8a2ae76/packages/opentelemetry-sdk-trace-base/src/platform/node/RandomIdGenerator.ts#L22))\n\n### PoC\n\nPoC here: https://github.com/benweissmann/CVE-2025-7783-poc\n\nInstructions are in that repo. It's based on the PoC from https://hackerone.com/reports/2913312 but simplified somewhat; the vulnerable application has a more direct side-channel from which to observe Math.random() values (a separate endpoint that happens to include a randomly-generated request ID). \n\n### Impact\n\nFor an application to be vulnerable, it must:\n- Use `form-data` to send data including user-controlled data to some other system. The attacker must be able to do something malicious by adding extra parameters (that were not intended to be user-controlled) to this request. Depending on the target system's handling of repeated parameters, the attacker might be able to overwrite values in addition to appending values (some multipart form handlers deal with repeats by overwriting values instead of representing them as an array)\n- Reveal values of Math.random(). It's easiest if the attacker can observe multiple sequential values, but more complex math could recover the PRNG state to some degree of confidence with non-sequential values. \n\nIf an application is vulnerable, this allows an attacker to make arbitrary requests to internal systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7783.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7783","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31712","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3184","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54442","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61595","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6158","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6159","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61548","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61569","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00449","scoring_system":"epss","scoring_elements":"0.6361","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7783"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/benweissmann/CVE-2025-7783-poc","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/benweissmann/CVE-2025-7783-poc"},{"reference_url":"https://github.com/form-data/form-data","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/form-data/form-data"},{"reference_url":"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T14:54:27Z/"}],"url":"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"},{"reference_url":"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T14:54:27Z/"}],"url":"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7783","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7783"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551","reference_id":"1109551","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381959","reference_id":"2381959","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14886","reference_id":"RHSA-2025:14886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14919","reference_id":"RHSA-2025:14919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15771","reference_id":"RHSA-2025:15771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16101","reference_id":"RHSA-2025:16101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16113","reference_id":"RHSA-2025:16113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16918","reference_id":"RHSA-2025:16918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17501","reference_id":"RHSA-2025:17501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18278","reference_id":"RHSA-2025:18278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18744","reference_id":"RHSA-2025:18744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20047","reference_id":"RHSA-2025:20047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21704","reference_id":"RHSA-2025:21704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2800","reference_id":"RHSA-2026:2800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://usn.ubuntu.com/7976-1/","reference_id":"USN-7976-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7976-1/"}],"fixed_packages":[],"aliases":["CVE-2025-7783","GHSA-fjxv-7rqg-78g4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pq8-1dxx-37gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29174?format=json","vulnerability_id":"VCID-s5gr-zsbz-xkbe","summary":"jwt-go allows excessive memory allocation during header parsing\n### Summary\n\nFunction [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\n### Details\n\nSee [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) \n\n### Impact\n\nExcessive memory allocation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30204","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28163","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28002","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28206","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27767","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27961","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2801","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28027","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28075","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28118","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28069","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29371","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29962","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang-jwt/jwt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang-jwt/jwt"},{"reference_url":"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/"}],"url":"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"},{"reference_url":"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/"}],"url":"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb"},{"reference_url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/"}],"url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30204","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30204"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250404-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250404-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354195","reference_id":"2354195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11573","reference_id":"RHSA-2025:11573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11669","reference_id":"RHSA-2025:11669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13900","reference_id":"RHSA-2025:13900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14048","reference_id":"RHSA-2025:14048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14855","reference_id":"RHSA-2025:14855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15332","reference_id":"RHSA-2025:15332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15673","reference_id":"RHSA-2025:15673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15872","reference_id":"RHSA-2025:15872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16101","reference_id":"RHSA-2025:16101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16595","reference_id":"RHSA-2025:16595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17671","reference_id":"RHSA-2025:17671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18241","reference_id":"RHSA-2025:18241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18242","reference_id":"RHSA-2025:18242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23057","reference_id":"RHSA-2025:23057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23534","reference_id":"RHSA-2025:23534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23535","reference_id":"RHSA-2025:23535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23916","reference_id":"RHSA-2025:23916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3344","reference_id":"RHSA-2025:3344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3411","reference_id":"RHSA-2025:3411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3503","reference_id":"RHSA-2025:3503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3565","reference_id":"RHSA-2025:3565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3569","reference_id":"RHSA-2025:3569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3607","reference_id":"RHSA-2025:3607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3607"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3616","reference_id":"RHSA-2025:3616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3618","reference_id":"RHSA-2025:3618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3698","reference_id":"RHSA-2025:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3740","reference_id":"RHSA-2025:3740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3743","reference_id":"RHSA-2025:3743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3775","reference_id":"RHSA-2025:3775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3790","reference_id":"RHSA-2025:3790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3808","reference_id":"RHSA-2025:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3811","reference_id":"RHSA-2025:3811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3813","reference_id":"RHSA-2025:3813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3814","reference_id":"RHSA-2025:3814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3905","reference_id":"RHSA-2025:3905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3907","reference_id":"RHSA-2025:3907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3928","reference_id":"RHSA-2025:3928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3929","reference_id":"RHSA-2025:3929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3930","reference_id":"RHSA-2025:3930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3993","reference_id":"RHSA-2025:3993","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4008","reference_id":"RHSA-2025:4008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4012","reference_id":"RHSA-2025:4012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4019","reference_id":"RHSA-2025:4019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4171","reference_id":"RHSA-2025:4171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4177","reference_id":"RHSA-2025:4177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4188","reference_id":"RHSA-2025:4188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4204","reference_id":"RHSA-2025:4204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4250","reference_id":"RHSA-2025:4250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4409","reference_id":"RHSA-2025:4409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4422","reference_id":"RHSA-2025:4422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4462","reference_id":"RHSA-2025:4462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4473","reference_id":"RHSA-2025:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4502","reference_id":"RHSA-2025:4502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4569","reference_id":"RHSA-2025:4569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4666","reference_id":"RHSA-2025:4666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4669","reference_id":"RHSA-2025:4669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4677","reference_id":"RHSA-2025:4677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4810","reference_id":"RHSA-2025:4810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7404","reference_id":"RHSA-2025:7404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7407","reference_id":"RHSA-2025:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7425","reference_id":"RHSA-2025:7425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7475","reference_id":"RHSA-2025:7475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7479","reference_id":"RHSA-2025:7479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7503","reference_id":"RHSA-2025:7503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7702","reference_id":"RHSA-2025:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7967","reference_id":"RHSA-2025:7967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8075","reference_id":"RHSA-2025:8075","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8244","reference_id":"RHSA-2025:8244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8267","reference_id":"RHSA-2025:8267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8384","reference_id":"RHSA-2025:8384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8390","reference_id":"RHSA-2025:8390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8392","reference_id":"RHSA-2025:8392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8510","reference_id":"RHSA-2025:8510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8542","reference_id":"RHSA-2025:8542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8552","reference_id":"RHSA-2025:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8560","reference_id":"RHSA-2025:8560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8691","reference_id":"RHSA-2025:8691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9167","reference_id":"RHSA-2025:9167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9259","reference_id":"RHSA-2025:9259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9388","reference_id":"RHSA-2025:9388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9541","reference_id":"RHSA-2025:9541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9646","reference_id":"RHSA-2025:9646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2155","reference_id":"RHSA-2026:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2164","reference_id":"RHSA-2026:2164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2172","reference_id":"RHSA-2026:2172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3718","reference_id":"RHSA-2026:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3718"}],"fixed_packages":[],"aliases":["CVE-2025-30204","GHSA-mh63-6h87-95cp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gr-zsbz-xkbe"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.8%3Farch=3-10"}