RHSA-2025:1448HighCVSS 8.2
Red Hat Security Advisory: RHOAI 2.17.0 - Red Hat OpenShift AI
🔗 CVE IDs covered (7)
📋 Description
CVE-2024-21538 — cross-spawn: regular expression denial of service
CVE-2024-45337 — golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
CVE-2024-45338 — golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-45339 — github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog
CVE-2024-49767 — werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms
CVE-2024-52798 — path-to-regexp: path-to-regexp Unpatched path-to-regexp ReDoS in 0.1.x
CVE-2024-55565 — nanoid: nanoid mishandles non-integer values
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2025:1448
- externalhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/
- externalhttps://access.redhat.com/security/cve/CVE-2024-45338
- externalhttps://access.redhat.com/security/cve/CVE-2024-45337
- externalhttps://access.redhat.com/security/cve/CVE-2024-49767
- externalhttps://access.redhat.com/security/cve/CVE-2024-21538
- externalhttps://access.redhat.com/security/cve/CVE-2024-52798
- externalhttps://access.redhat.com/security/cve/CVE-2024-55565
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1448.json