Red Hat Security Advisory: Red Hat Quay 3.9.20
🔗 CVE IDs covered (8)
📋 Description
CVE-2026-4599 — jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
CVE-2026-4600 — jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
CVE-2026-4601 — jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
CVE-2026-4602 — jsrsasign: Signature verification bypass via negative exponent handling
CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution
CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion
CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
🔗 References (11)
- self: https://access.redhat.com/errata/RHSA-2026:6926
- external: https://access.redhat.com/security/cve/CVE-2026-29063
- external: https://access.redhat.com/security/cve/CVE-2026-29074
- external: https://access.redhat.com/security/cve/CVE-2026-30922
- external: https://access.redhat.com/security/cve/CVE-2026-32597
- external: https://access.redhat.com/security/cve/CVE-2026-4599
- external: https://access.redhat.com/security/cve/CVE-2026-4600
- external: https://access.redhat.com/security/cve/CVE-2026-4601
- external: https://access.redhat.com/security/cve/CVE-2026-4602
- external: https://access.redhat.com/security/updates/classification/
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6926.json