Devspaces Openvsx-Rhel9 vulnerabilities

CVE-2026-40977 [MEDIUM] CWE-59 Spring Boot: Spring Boot: Local file corruption via PID file manipulation Spring Boot: Spring Boot: Local file corruption via PID file manipulation A flaw was found in Spring Boot when an application is configured to use `ApplicationPidFileWriter`. A local attacker with write access to the PID file's location can exploit this vulnerability to corrupt one arbitrary file on the host each time the application is started. This can lead to data integrity issues or a de

CVE-2026-40970 [MEDIUM] CWE-295 Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure A flaw was found in Spring Boot. When configured to use an SSL (Secure Sockets Layer) bundle, the Elasticsearch auto-configuration component does not perform hostname verification when establishing a connection to the Elast

CVE-2026-41305 [MEDIUM] CWE-79 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting (XSS) by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML `` tags, it fails to properly escape `` sequences. This oversight

CVE-2026-41238 [MEDIUM] CWE-915 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution A flaw was found in DOMPurify, a software library used to clean potentially malicious code from web content, preventing Cross-Site Scripting (XSS) attacks. A remote attacker could exploit a vulnerability related to 'prototype pollution' to bypass DOMPurify's security checks. This allows the attacker to inject harmful

CVE-2026-41239 [MEDIUM] CWE-1289 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions A flaw was found in DOMPurify. A remote attacker could exploit this cross-site scripting (XSS) vulnerability when DOMPurify is configured to return a Document Object Model (DOM) or DOM fragment. The SAFE_FOR_TEMPLATES feature, intended to strip template ex

CVE-2026-41240 [MEDIUM] CWE-79 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute

CVE-2026-22753 [HIGH] CWE-551 Spring Security: Spring Security: Security bypass due to incorrect servlet path matching Spring Security: Spring Security: Security bypass due to incorrect servlet path matching A flaw was found in Spring Security. When an application uses specific configurations involving `securityMatchers(String)` and `PathPatternRequestMatcher.Builder` to handle servlet paths, the intended security controls may not be applied. This can result in a security bypass, where authenti

CVE-2026-22754 [HIGH] CWE-551 Spring Security: Spring Security: Authorization bypass due to incorrect servlet path matching Spring Security: Spring Security: Authorization bypass due to incorrect servlet path matching A flaw was found in Spring Security. When an application uses `` to define authorization rules, the servlet path may not be correctly included in the path matcher. This oversight can lead to an authorization bypass, allowing a remote attacker to access protected resources without

CVE-2026-22747 [MEDIUM] CWE-295 Spring Security: Spring Security: User impersonation via malformed X.509 certificate Common Name (CN) values Spring Security: Spring Security: User impersonation via malformed X.509 certificate Common Name (CN) values A flaw was found in Spring Security. This vulnerability allows a remote attacker to impersonate another user. The SubjectX500PrincipalExtractor component incorrectly handles certain malformed X.509 certificate Common Name (CN) values, which can lead

CVE-2026-22748 [MEDIUM] CWE-347 Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation A flaw was found in Spring Security. When an application is configured to decode JSON Web Tokens (JWTs) using `NimbusJwtDecoder` or `NimbusReactiveJwtDecoder`, it may not properly validate these tokens if an `OAuth2TokenValidator` is not explicitly configured. This ove

CVE-2026-22746 [LOW] CWE-208 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure Spring Security: Spring Security: Timing attack defense bypass allows information disclosure A flaw was found in Spring Security. If an application uses the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, an attacker can bypass the DaoAuthenticationProvider's timing attack defense. This bypass allows an attacker to potentially gain limite

CVE-2026-40895 [MEDIUM] CWE-212 follow-redirects: follow-redirects: Information disclosure via cross-domain redirects follow-redirects: follow-redirects: Information disclosure via cross-domain redirects A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redi

CVE-2026-22751 [MEDIUM] CWE-367 Spring Security: JdbcOneTimeTokenService: Spring Security: Authentication bypass due to race condition in One-Time Token login Spring Security: JdbcOneTimeTokenService: Spring Security: Authentication bypass due to race condition in One-Time Token login A flaw was found in Spring Security, specifically in applications configured for One-Time Token login using JdbcOneTimeTokenService. This vulnerability is due to a Time-of-check Time-of-use (TOCTOU) race condition

CVE-2026-40477 [CRITICAL] CWE-917 thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection,

CVE-2026-40478 [CRITICAL] CWE-917 thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properl

CVE-2025-14813 [CRITICAL] CWE-327 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected b

CVE-2026-5598 [CRITICAL] CWE-385 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unautho

CVE-2026-5588 [MEDIUM] CWE-347 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifi

CVE-2026-0636 [MEDIUM] CWE-90 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, pot