RHSA-2025:7626HighCVSS 9.1
Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.
🔗 CVE IDs covered (4)
📋 Description
CVE-2024-12905 — tar-fs: link following and path traversal via maliciously crafted tar file CVE-2024-21534 — jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization CVE-2025-26791 — dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling CVE-2025-29775 — xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2025:7626
- externalhttps://access.redhat.com/security/cve/CVE-2024-12905
- externalhttps://access.redhat.com/security/cve/CVE-2024-21534
- externalhttps://access.redhat.com/security/cve/CVE-2025-26791
- externalhttps://access.redhat.com/security/cve/CVE-2025-29775
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- externalhttps://developers.redhat.com/rhdh/overview
- externalhttps://docs.redhat.com/en/documentation/red_hat_developer_hub
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7626.json