RHSA-2025:9966HighCVSS 7.3
Red Hat Security Advisory: Red Hat Developer Hub 1.6.2 release.
🔗 CVE IDs covered (4)
📋 Description
CVE-2025-32996 — http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware CVE-2025-32997 — http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware CVE-2025-47273 — setuptools: Path Traversal Vulnerability in setuptools PackageIndex CVE-2025-48387 — tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2025:9966
- externalhttps://access.redhat.com/security/cve/CVE-2025-32996
- externalhttps://access.redhat.com/security/cve/CVE-2025-32997
- externalhttps://access.redhat.com/security/cve/CVE-2025-47273
- externalhttps://access.redhat.com/security/cve/CVE-2025-48387
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- externalhttps://developers.redhat.com/rhdh/overview
- externalhttps://docs.redhat.com/en/documentation/red_hat_developer_hub
- externalhttps://issues.redhat.com/browse/RHIDP-7725
- externalhttps://issues.redhat.com/browse/RHIDP-7726
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9966.json