Red Hat Security Advisory: Red Hat Ceph Storage
🔗 CVE IDs covered (11)
📋 Description
CVE-2024-6345 — pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools CVE-2024-12905 — tar-fs: link following and path traversal via maliciously crafted tar file CVE-2024-55565 — nanoid: nanoid mishandles non-integer values CVE-2025-5889 — brace-expansion: juliangruber brace-expansion index.js expand redos CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-45768 — pyjwt: pyjwt Weak Encryption Vulnerability CVE-2025-47913 — golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS CVE-2025-50181 — urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation CVE-2025-52555 — ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS CVE-2025-59343 — tar-fs: tar-fs symlink validation bypass CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2026:33154
- externalhttps://access.redhat.com/security/cve/CVE-2024-12905
- externalhttps://access.redhat.com/security/cve/CVE-2024-55565
- externalhttps://access.redhat.com/security/cve/CVE-2024-6345
- externalhttps://access.redhat.com/security/cve/CVE-2025-13465
- externalhttps://access.redhat.com/security/cve/CVE-2025-45768
- externalhttps://access.redhat.com/security/cve/CVE-2025-47913
- externalhttps://access.redhat.com/security/cve/CVE-2025-50181
- externalhttps://access.redhat.com/security/cve/CVE-2025-52555
- externalhttps://access.redhat.com/security/cve/CVE-2025-5889
- externalhttps://access.redhat.com/security/cve/CVE-2025-59343
- externalhttps://access.redhat.com/security/cve/CVE-2026-21441
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33154.json