RHSA-2025:8479HighCVSS 7.5
Red Hat Security Advisory: RHODF-4.16-RHEL-9 security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2024-11831 — npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript CVE-2024-21536 — http-proxy-middleware: Denial of Service CVE-2024-29041 — express: cause malformed URLs to be evaluated CVE-2024-39249 — nodejs-async: Regular expression denial of service while parsing function in autoinject CVE-2024-45338 — golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html CVE-2024-45590 — body-parser: Denial of Service Vulnerability in body-parser CVE-2025-30204 — golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2025:8479
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2290901
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2295035
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2311171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2312579
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2319884
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2333122
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2354195
- externalhttps://issues.redhat.com/browse/DFBUGS-1702
- externalhttps://issues.redhat.com/browse/DFBUGS-2603
- externalhttps://issues.redhat.com/browse/DFBUGS-714
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8479.json