Threat Intelligence Database

A security researcher publicly disclosed a critical zero-day vulnerability in Visual Studio Code's browser-based editor github.dev after losing trust in Microsoft's security response process. The vulnerability allows an attacker to steal OAuth tokens with broad repository access by exploiting how github.dev receives tokens from github.com without repo-specific scoping. An attacker who can modify a repository's . vscode/extensions.json can recommend a malicious extension that installs automatically when the victim opens the repo in github.dev, bypassing user approval via a hidden Jupyter Notebook trigger. This enables silent installation of malicious extensions capable of stealing tokens and accessing private repositories.

Security Fix(es): * github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637) * Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.31. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2026:0331 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ Security Fix(es): * github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

Multiple vulnerabilities affecting the Red Hat build of the OpenTelemetry Collector have been identified, including denial of service and memory exhaustion issues in several components such as go-jose, golang.org/x/oauth2/jws, github.com/expr-lang/expr, and golang-jwt/jwt. These vulnerabilities can lead to excessive memory consumption or denial of service conditions during parsing operations. Red Hat has issued an important security advisory with updates addressing these issues for Red Hat Enterprise Linux 10 and related variants.

Red Hat has issued a security advisory for the go-fdo-server package, which implements the FIDO Device Onboard (FDO) specification in Go. The update addresses two vulnerabilities: a memory-safety issue in the github.com/jackc/pgx library (CVE-2026-33816) and a denial of service vulnerability in Go's crypto/tls package triggered by multiple TLS 1.3 key update messages (CVE-2026-32283). These vulnerabilities affect Red Hat Enterprise Linux 10 and related variants. The advisory rates the security impact as Important and provides updated packages to remediate these issues.

This advisory addresses two vulnerabilities in the container-tools module of Red Hat Enterprise Linux 8.8, which includes tools such as podman, buildah, skopeo, and runc. The first vulnerability (CVE-2025-58183) involves an unbounded memory allocation when parsing GNU sparse map archives in the golang archive/tar package. The second vulnerability (CVE-2025-65637) is a denial-of-service issue in the github.com/sirupsen/logrus logging library caused by processing a large single-line payload. Both issues have been rated with moderate severity by Red Hat Product Security. Updates are available to address these vulnerabilities in Red Hat Enterprise Linux 8.8 and related update services.

Red Hat OpenShift Container Platform 4.19.9 includes security updates addressing two vulnerabilities: a denial of service in the golang.org/x/crypto/ssh package (CVE-2025-22869) and a vulnerability in github.com/golang/glog related to log file creation (CVE-2024-45339). These issues affect the container images and RPM packages of OpenShift Container Platform 4.19. Users are advised to upgrade to the updated packages and images via the appropriate release channels using the OpenShift CLI or web console.

Red Hat OpenShift Container Platform 4.17.38 includes security updates addressing two vulnerabilities: a denial of service in the key exchange mechanism of golang.org/x/crypto/ssh (CVE-2025-22869) and a vulnerability related to log file creation in github.com/golang/glog (CVE-2024-45339). These issues affect the container images and packages used in OpenShift Container Platform 4.17. Users are advised to upgrade to the updated packages and images via the appropriate release channels using the OpenShift CLI or web console.

Red Hat OpenShift Container Platform 4.18.23 includes security updates addressing vulnerabilities in golang.org/x/crypto/ssh and github.com/golang/glog. One vulnerability (CVE-2024-45339) involves a flaw when creating log files in golang/glog, and another (CVE-2025-22869) is a denial of service in the SSH key exchange. These issues are rated with high importance by Red Hat Product Security. Users of OpenShift Container Platform 4.18 are advised to upgrade to the updated packages and container images available in the appropriate release channels.

Red Hat OpenShift Container Platform 4.14.56 includes security updates addressing vulnerabilities in third-party components golang-jwt/jwt and github.com/golang/glog. These vulnerabilities involve excessive memory allocation during JWT header parsing and issues when creating log files, respectively. The update is rated as having an important security impact. Users of OpenShift Container Platform 4.14 are advised to upgrade to the updated container images when available via official release channels.