RHBA-2025:0409 | High | CVSS 8.0
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.1 release.
🔗 CVE IDs covered (6)
📋 Description
CVE-2024-45338 — golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-52798 — path-to-regexp: Unpatched path-to-regexp ReDoS in 0.1.x
CVE-2024-55565 — nanoid: nanoid mishandles non-integer values
CVE-2024-56201 — jinja2: Jinja has a sandbox breakout through malicious filenames
CVE-2024-56326 — jinja2: Jinja has a sandbox breakout through indirect reference to format method
CVE-2024-56334 — systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
🔗 References (11)
- self: https://access.redhat.com/errata/RHBA-2025:0409
- external: https://developers.redhat.com/rhdh/overview
- external: https://docs.redhat.com/en/documentation/red_hat_developer_hub
- external: https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- external: https://access.redhat.com/security/cve/CVE-2024-45338
- external: https://access.redhat.com/security/cve/CVE-2024-52798
- external: https://access.redhat.com/security/cve/CVE-2024-55565
- external: https://access.redhat.com/security/cve/CVE-2024-56201
- external: https://access.redhat.com/security/cve/CVE-2024-56326
- external: https://access.redhat.com/security/cve/CVE-2024-56334
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_0409.json