Red Hat Security Advisory: RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release

CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-61729 — crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-64756 — glob: glob: Command Injection Vulnerability via Malicious Filenames CVE-2025-65945 — node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CVE-2026-22774 — devalue: devalue: Denial of Service due to excessive resource consumption from untrusted input CVE-2026-22775 — devalue: devalue: Denial of Service due to improper input validation CVE-2026-23745 — node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives CVE-2026-23950 — node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition