RHSA-2025:19094HighCVSS 8.8
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.0 Release.
🔗 CVE IDs covered (9)
📋 Description
CVE-2021-35065 — glob-parent: Regular Expression Denial of Service CVE-2022-3517 — nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-25883 — nodejs-semver: Regular expression denial of service CVE-2022-46175 — json5: Prototype Pollution in JSON5 via Parse Method CVE-2025-9566 — podman: Podman kube play command may overwrite host files CVE-2025-41248 — org.springframework.security/spring-security-core: Spring Security authorization bypass CVE-2025-41249 — org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability CVE-2025-55163 — netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability CVE-2025-59343 — tar-fs: tar-fs symlink validation bypass
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2025:19094
- externalhttps://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.24/html/administration_guide/installing-devspaces
- externalhttps://access.redhat.com/security/cve/CVE-2021-35065
- externalhttps://access.redhat.com/security/cve/CVE-2022-25883
- externalhttps://access.redhat.com/security/cve/CVE-2022-3517
- externalhttps://access.redhat.com/security/cve/CVE-2022-46175
- externalhttps://access.redhat.com/security/cve/CVE-2025-41248
- externalhttps://access.redhat.com/security/cve/CVE-2025-41249
- externalhttps://access.redhat.com/security/cve/CVE-2025-55163
- externalhttps://access.redhat.com/security/cve/CVE-2025-59343
- externalhttps://access.redhat.com/security/cve/CVE-2025-9566
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19094.json