VDB
RHSA-2025%3A3928
RHSA-2025%3A3928
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64 as a component of RHACS 4.5 for RHEL 8 | *, advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64 as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64 as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64, advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x as a component of RHACS 4.5 for RHEL 8 | *, *, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x as a component of RHACS 4.5 for RHEL 8 | *, *, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le, *, advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le as a component of RHACS 4.5 for RHEL 8 | *, advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le, advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64 as a component of RHACS 4.5 for RHEL 8 | *, *, advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64 |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64 as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le as a component of RHACS 4.5 for RHEL 8 | *, *, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x as a component of RHACS 4.5 for RHEL 8 | *, advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x, advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x |
| Red Hat | advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64 as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64, advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64, advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64 |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le, advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le, advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64 as a component of RHACS 4.5 for RHEL 8 | *, *, advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64 |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le, advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le, advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x, advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le as a component of RHACS 4.5 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le, *, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le |
…and 58 more
Timeline
- Apr 15, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:3928 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html/release_notes/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2319884 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2354195 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2355865 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3928.json advisory
- https://access.redhat.com/security/cve/CVE-2024-21536 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-21536 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-21536 advisory
- https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a advisory
- https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5 advisory
- https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22 advisory
- https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906 advisory
- https://access.redhat.com/security/cve/CVE-2024-57083 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-57083 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-57083 advisory
- https://github.com/Redocly/redoc/issues/2499 advisory
- https://access.redhat.com/security/cve/CVE-2025-30204 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-30204 advisory
…and 4 more