VDB

RHBA-2025%3A0409

RHBA-2025%3A0409 PUBLISHED CVSS 7.5 HIGH

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/rhdh/rhdh-operator-bundle@sha256:a91c4931ef5111c555ec5cc8128c3148c94fe2983d2e4fa7babe843e9292b303_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4*
Red Hatregistry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:d8268197ba0466643efb818fcad8f0fc29e32463f75b0f7f51d9ce75ec717572_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4*
Red Hatregistry.redhat.io/rhdh/rhdh-operator-bundle@sha256:a91c4931ef5111c555ec5cc8128c3148c94fe2983d2e4fa7babe843e9292b303_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:a91c4931ef5111c555ec5cc8128c3148c94fe2983d2e4fa7babe843e9292b303_amd64
Red Hatregistry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e1e2fac9519bd480c9629f5a9cf69be0169715483b7e662eaac61a48b37eb60_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e1e2fac9519bd480c9629f5a9cf69be0169715483b7e662eaac61a48b37eb60_amd64
Red Hatregistry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e1e2fac9519bd480c9629f5a9cf69be0169715483b7e662eaac61a48b37eb60_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4*
Red Hatregistry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:d8268197ba0466643efb818fcad8f0fc29e32463f75b0f7f51d9ce75ec717572_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4*

Timeline

  • Jan 20, 2025 CVE Published
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›