Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.
🔗 CVE IDs covered (7)
📋 Description
CVE-2026-2950 — lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass CVE-2026-4923 — path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards CVE-2026-22036 — undici: Undici: Denial of Service via excessive decompression steps CVE-2026-27601 — Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions CVE-2026-31988 — yauzl: yauzl: Denial of Service vulnerability in zip file processing CVE-2026-32235 — @backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass CVE-2026-33349 — fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling
🔗 References (20)
- selfhttps://access.redhat.com/errata/RHSA-2026:24841
- externalhttps://access.redhat.com/security/cve/CVE-2026-22036
- externalhttps://access.redhat.com/security/cve/CVE-2026-27601
- externalhttps://access.redhat.com/security/cve/CVE-2026-2950
- externalhttps://access.redhat.com/security/cve/CVE-2026-31988
- externalhttps://access.redhat.com/security/cve/CVE-2026-32235
- externalhttps://access.redhat.com/security/cve/CVE-2026-33349
- externalhttps://access.redhat.com/security/cve/CVE-2026-4923
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- externalhttps://developers.redhat.com/rhdh/overview
- externalhttps://docs.redhat.com/en/documentation/red_hat_developer_hub
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2870
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2962
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2964
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2965
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2966
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2971
- externalhttps://issues.redhat.com/browse/RHDHBUGS-2974
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24841.json