Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.2 Release.
🔗 CVE IDs covered (7)
📋 Description
CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression CVE-2026-43512 — tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:25123
- externalhttps://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces
- externalhttps://access.redhat.com/security/cve/CVE-2026-42578
- externalhttps://access.redhat.com/security/cve/CVE-2026-42579
- externalhttps://access.redhat.com/security/cve/CVE-2026-42581
- externalhttps://access.redhat.com/security/cve/CVE-2026-42584
- externalhttps://access.redhat.com/security/cve/CVE-2026-42587
- externalhttps://access.redhat.com/security/cve/CVE-2026-43512
- externalhttps://access.redhat.com/security/cve/CVE-2026-6321
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25123.json