VDB

RHSA-2025%3A3907

RHSA-2025%3A3907 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec_ppc64le as a component of RHOL 6.1 for RHEL 9openshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec_ppc64le, openshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec_ppc64le, *
Red Hatopenshift-logging/opa-openshift-rhel9@sha256:8f0526bc9f252d614072f73042cb0abddc2a1a81ef2c81bd21ddf2238b38315d_s390x as a component of RHOL 6.1 for RHEL 9*, *, openshift-logging/opa-openshift-rhel9@sha256:8f0526bc9f252d614072f73042cb0abddc2a1a81ef2c81bd21ddf2238b38315d_s390x
Red Hatopenshift-logging/logging-loki-rhel9@sha256:16d08b15fd8ef4b0bed13d59b90c44d473c99fcff8e56b2311769f640ca9da9c_amd64 as a component of RHOL 6.1 for RHEL 9openshift-logging/logging-loki-rhel9@sha256:16d08b15fd8ef4b0bed13d59b90c44d473c99fcff8e56b2311769f640ca9da9c_amd64, *, openshift-logging/logging-loki-rhel9@sha256:16d08b15fd8ef4b0bed13d59b90c44d473c99fcff8e56b2311769f640ca9da9c_amd64
Red Hatopenshift-logging/logging-loki-rhel9@sha256:21e98efab453533dbead455bdfe248fc4b8c1a6dfda148318895d9fb9a8afb7e_s390x as a component of RHOL 6.1 for RHEL 9*, openshift-logging/logging-loki-rhel9@sha256:21e98efab453533dbead455bdfe248fc4b8c1a6dfda148318895d9fb9a8afb7e_s390x, *
Red Hatopenshift-logging/cluster-logging-rhel9-operator@sha256:60a6a6a013a5e5f1b1fe59c7c309e2d9ee8cb9c588f1ccb6c7d5a4c7fc016e53_amd64 as a component of RHOL 6.1 for RHEL 9*, openshift-logging/cluster-logging-rhel9-operator@sha256:60a6a6a013a5e5f1b1fe59c7c309e2d9ee8cb9c588f1ccb6c7d5a4c7fc016e53_amd64, openshift-logging/cluster-logging-rhel9-operator@sha256:60a6a6a013a5e5f1b1fe59c7c309e2d9ee8cb9c588f1ccb6c7d5a4c7fc016e53_amd64
Red Hatopenshift-logging/lokistack-gateway-rhel9@sha256:c705fdf8d6b5c4e8f669c1751b1d1da970764998344536dde6fdfe11a1ae4417_ppc64le as a component of RHOL 6.1 for RHEL 9*, *, *
Red Hatopenshift-logging/loki-rhel9-operator@sha256:f8a069907c905a39888e179319b60ec15fba1213bc1420898a6dcc9aaae9cd78_s390x as a component of RHOL 6.1 for RHEL 9openshift-logging/loki-rhel9-operator@sha256:f8a069907c905a39888e179319b60ec15fba1213bc1420898a6dcc9aaae9cd78_s390x, openshift-logging/loki-rhel9-operator@sha256:f8a069907c905a39888e179319b60ec15fba1213bc1420898a6dcc9aaae9cd78_s390x, openshift-logging/loki-rhel9-operator@sha256:f8a069907c905a39888e179319b60ec15fba1213bc1420898a6dcc9aaae9cd78_s390x
Red Hatopenshift-logging/eventrouter-rhel9@sha256:48aee5c2445bb8c4ed364c95a345441c0d20ef189b30b5246b643bc368ed2893_arm64 as a component of RHOL 6.1 for RHEL 9*, *, openshift-logging/eventrouter-rhel9@sha256:48aee5c2445bb8c4ed364c95a345441c0d20ef189b30b5246b643bc368ed2893_arm64
Red Hatopenshift-logging/cluster-logging-rhel9-operator@sha256:102c955f4fe3616cbe8e2e8cb1549da04ec98b8900b014f0e9be2c91379269e2_s390x as a component of RHOL 6.1 for RHEL 9openshift-logging/cluster-logging-rhel9-operator@sha256:102c955f4fe3616cbe8e2e8cb1549da04ec98b8900b014f0e9be2c91379269e2_s390x, openshift-logging/cluster-logging-rhel9-operator@sha256:102c955f4fe3616cbe8e2e8cb1549da04ec98b8900b014f0e9be2c91379269e2_s390x, openshift-logging/cluster-logging-rhel9-operator@sha256:102c955f4fe3616cbe8e2e8cb1549da04ec98b8900b014f0e9be2c91379269e2_s390x
Red Hatopenshift-logging/vector-rhel9@sha256:b07163c181a3b0b5e10837b9e89a25aed8b501fd1b33c56d89188f10fd939616_ppc64le as a component of RHOL 6.1 for RHEL 9openshift-logging/vector-rhel9@sha256:b07163c181a3b0b5e10837b9e89a25aed8b501fd1b33c56d89188f10fd939616_ppc64le, *, *
Red Hatopenshift-logging/log-file-metric-exporter-rhel9@sha256:5bf2cd46cacfe5e0ff6c8cf6223113df1fd48cdc0f3307c2dd9727fb4e8e09b1_s390x as a component of RHOL 6.1 for RHEL 9openshift-logging/log-file-metric-exporter-rhel9@sha256:5bf2cd46cacfe5e0ff6c8cf6223113df1fd48cdc0f3307c2dd9727fb4e8e09b1_s390x, openshift-logging/log-file-metric-exporter-rhel9@sha256:5bf2cd46cacfe5e0ff6c8cf6223113df1fd48cdc0f3307c2dd9727fb4e8e09b1_s390x, openshift-logging/log-file-metric-exporter-rhel9@sha256:5bf2cd46cacfe5e0ff6c8cf6223113df1fd48cdc0f3307c2dd9727fb4e8e09b1_s390x
Red Hatopenshift-logging/lokistack-gateway-rhel9@sha256:d4a2c37167b17827a6d9efa5a01f0bfe06ab0f4fea21021961c92b1c8b751264_arm64 as a component of RHOL 6.1 for RHEL 9*, *, *
Red Hatopenshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec_ppc64le as a component of RHOL 6.1 for RHEL 9openshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec_ppc64le, *, openshift-logging/opa-openshift-rhel9@sha256:c42d7348fd02ccf841bfeef35a104d8391fcf32afd6333ffbb0f13799ebd8bec_ppc64le
Red Hatopenshift-logging/eventrouter-rhel9@sha256:0cf1c3992d210339cebe0312e39302096d393fd793dd7858420fc11d51ed0806_s390x as a component of RHOL 6.1 for RHEL 9openshift-logging/eventrouter-rhel9@sha256:0cf1c3992d210339cebe0312e39302096d393fd793dd7858420fc11d51ed0806_s390x, openshift-logging/eventrouter-rhel9@sha256:0cf1c3992d210339cebe0312e39302096d393fd793dd7858420fc11d51ed0806_s390x, *
Red Hatopenshift-logging/logging-loki-rhel9@sha256:21e98efab453533dbead455bdfe248fc4b8c1a6dfda148318895d9fb9a8afb7e_s390x as a component of RHOL 6.1 for RHEL 9openshift-logging/logging-loki-rhel9@sha256:21e98efab453533dbead455bdfe248fc4b8c1a6dfda148318895d9fb9a8afb7e_s390x, *, openshift-logging/logging-loki-rhel9@sha256:21e98efab453533dbead455bdfe248fc4b8c1a6dfda148318895d9fb9a8afb7e_s390x
Red Hatopenshift-logging/vector-rhel9@sha256:b07163c181a3b0b5e10837b9e89a25aed8b501fd1b33c56d89188f10fd939616_ppc64le as a component of RHOL 6.1 for RHEL 9openshift-logging/vector-rhel9@sha256:b07163c181a3b0b5e10837b9e89a25aed8b501fd1b33c56d89188f10fd939616_ppc64le, *, openshift-logging/vector-rhel9@sha256:b07163c181a3b0b5e10837b9e89a25aed8b501fd1b33c56d89188f10fd939616_ppc64le
Red Hatopenshift-logging/eventrouter-rhel9@sha256:08e42d7980780340549efeb583fa58af8091772a27d0d3854436a91f5c80d226_amd64 as a component of RHOL 6.1 for RHEL 9*, openshift-logging/eventrouter-rhel9@sha256:08e42d7980780340549efeb583fa58af8091772a27d0d3854436a91f5c80d226_amd64, *
Red Hatopenshift-logging/logging-loki-rhel9@sha256:c9ba52ab354ba6ba6ea07bd83ca70359d7d7dcce59fcab8347015ab4a33be2a8_ppc64le as a component of RHOL 6.1 for RHEL 9*, openshift-logging/logging-loki-rhel9@sha256:c9ba52ab354ba6ba6ea07bd83ca70359d7d7dcce59fcab8347015ab4a33be2a8_ppc64le, openshift-logging/logging-loki-rhel9@sha256:c9ba52ab354ba6ba6ea07bd83ca70359d7d7dcce59fcab8347015ab4a33be2a8_ppc64le
Red Hatopenshift-logging/cluster-logging-operator-bundle@sha256:8ff77eeae069d78708d243efa1d0fcb81307fe2f927335a44f559ab6d5bcd260_amd64 as a component of RHOL 6.1 for RHEL 9*, openshift-logging/cluster-logging-operator-bundle@sha256:8ff77eeae069d78708d243efa1d0fcb81307fe2f927335a44f559ab6d5bcd260_amd64, openshift-logging/cluster-logging-operator-bundle@sha256:8ff77eeae069d78708d243efa1d0fcb81307fe2f927335a44f559ab6d5bcd260_amd64
Red Hatopenshift-logging/vector-rhel9@sha256:275912d20e6e84f6c8343208b6a45611686b59b5909de4510ebdafeba47992de_s390x as a component of RHOL 6.1 for RHEL 9openshift-logging/vector-rhel9@sha256:275912d20e6e84f6c8343208b6a45611686b59b5909de4510ebdafeba47992de_s390x, openshift-logging/vector-rhel9@sha256:275912d20e6e84f6c8343208b6a45611686b59b5909de4510ebdafeba47992de_s390x, openshift-logging/vector-rhel9@sha256:275912d20e6e84f6c8343208b6a45611686b59b5909de4510ebdafeba47992de_s390x

…and 48 more

Timeline

  • Apr 16, 2025 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • May 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›