{ "threat_severity" : "Important", "public_date" : "2026-04-09T14:31:46Z", "bugzilla" : { "description" : "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization", "id" : "2456913", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2456913" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-1289", "details" : [ "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.", "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected." ], "statement" : "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.", "affected_release" : [ { "product_name" : "Streams for Apache Kafka 3.2.0", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13571", "cpe" : "cpe:/a:redhat:amq_streams:3.2::el9", "package" : "axios" }, { "product_name" : "multicluster engine for Kubernetes 2.6", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17657", "cpe" : "cpe:/a:redhat:multicluster_engine:2.6::el9", "package" : "multicluster-engine/console-mce-rhel9:1778511348" }, { "product_name" : "multicluster engine for Kubernetes 2.8", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17699", "cpe" : "cpe:/a:redhat:multicluster_engine:2.8::el9", "package" : "multicluster-engine/console-mce-rhel9:1778383863" }, { "product_name" : "Network Observability (NETOBSERV) 1.11.2", "release_date" : "2026-05-13T00:00:00Z", "advisory" : "RHSA-2026:16874", "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9", "package" : "network-observability/network-observability-console-plugin-compat-rhel9:1778508956" }, { "product_name" : "Network Observability (NETOBSERV) 1.11.2", "release_date" : "2026-05-13T00:00:00Z", "advisory" : "RHSA-2026:16874", "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9", "package" : "network-observability/network-observability-console-plugin-rhel9:1778510461" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.1", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:20889", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.10::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1779293013" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:20938", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1779371594" }, { "product_name" : "Red Hat Developer Hub 1.8", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9742", "cpe" : "cpe:/a:redhat:rhdh:1.8::el9", "package" : "rhdh/rhdh-hub-rhel9:1776784286" }, { "product_name" : "Red Hat Developer Hub 1.9", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13826", "cpe" : "cpe:/a:redhat:rhdh:1.9::el9", "package" : "rhdh/rhdh-hub-rhel9:1777903262" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14937", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-ui-rhel9:1778156756" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19712", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-dashboard-rhel9:1779189627" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19712", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-mod-arch-gen-ai-rhel9:1778473763" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19712", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-mod-arch-model-registry-rhel9:1778666987" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10175", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/code-rhel9:1776744110" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10175", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/dashboard-rhel9:1776795511" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8483", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1776202125" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8483", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-rhel8:1776191302" }, { "product_name" : "Red Hat OpenShift Service Mesh 3", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8484", "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1776151124" }, { "product_name" : "Red Hat OpenShift Service Mesh 3", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8484", "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9", "package" : "openshift-service-mesh/kiali-rhel9:1776151272" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8490", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1776151106" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8490", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-rhel9:1776151270" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.2", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8491", "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1776155669" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.2", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8491", "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9", "package" : "openshift-service-mesh/kiali-rhel9:1776149682" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.3", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8493", "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:1776151134" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.3", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8493", "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9", "package" : "openshift-service-mesh/kiali-rhel9:1776151277" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19375", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:1779204086" } ], "package_state" : [ { "product_name" : "Cryostat 4", "fix_state" : "Not affected", "package_name" : "axios", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/gatekeeper-3-18", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/gatekeeper-3-19", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel8", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-mce-mce-211", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-mce-mce-26", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-mce-mce-27", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-mce-mce-28", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-mce-mce-29", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Network Observability Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/network-observability-console-plugin-zstream", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/hub-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/pipelines-hub-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-2-6-ossmc", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-0", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kiali-3-0-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kiali-3-0-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-1", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kiali-3-1-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kiali-3-1-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-1-ossmc", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-2", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-2-ossmc", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-3", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-3-ossmc", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp21/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp22/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel7", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/system-rhel8", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/system-rhel9", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-acm-214", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-acm-215", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/console-acm-216", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-24/lightspeed-rhel8-operator", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-26/lightspeed-rhel9-operator", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Will not fix", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-gateway", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-hub", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-platform-ui", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.12-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3x-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/automation-reports", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/gateway-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Affected", "package_name" : "axios", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "axios", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of Apicurio Registry 3", "fix_state" : "Affected", "package_name" : "apicurio/apicurio-registry-ui-rhel8", "cpe" : "cpe:/a:redhat:apicurio_registry:3" }, { "product_name" : "Red Hat build of Apicurio Registry 3", "fix_state" : "Affected", "package_name" : "apicurio/apicurio-registry-ui-rhel9", "cpe" : "cpe:/a:redhat:apicurio_registry:3" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kueue-0-12", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kueue-bundle-1-1", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kueue-must-gather-1-1", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/kueue-operator-1-1", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "axios", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Will not fix", "package_name" : "rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-rocm-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/disk-image-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "axios", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-mod-arch-maas-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift3/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-console-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "openshift-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "axios", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-12", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-13", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-14", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-15", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-16", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-17", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-9", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/iop-advisor-frontend-sat-6-18", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/iop-host-inventory-frontend-sat-6-18", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/iop-vulnerability-frontend-sat-6-18", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/rhtas-console-ui", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/rhtpa-product-0-3-z", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/rhtpa-product-0-4-z", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2" }, { "product_name" : "Self-service automation portal 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/ansible-plugins", "cpe" : "cpe:/a:redhat:ansible_portal:2" }, { "product_name" : "streams for Apache Kafka 2", "fix_state" : "Not affected", "package_name" : "axios", "cpe" : "cpe:/a:redhat:amq_streams:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-62718\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62718\nhttps://datatracker.ietf.org/doc/html/rfc1034#section-3.1\nhttps://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2\nhttps://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\nhttps://github.com/axios/axios/pull/10661\nhttps://github.com/axios/axios/releases/tag/v1.15.0\nhttps://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5" ], "name" : "CVE-2025-62718", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }