Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: quay-v3.14.6
Component/s: quay-operator
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Git Pull Request:
https://github.com/quay/quay-operator-konflux/pull/498
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

Description:

This is an issue found in Quay 3.14.6 Redis Image, in this Redis Image used Quay 3.14.6 Operator there're some HIGH Image vulnerability like CVE-2025-59375 "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations" and CVE-2025-5914 "libarchive: Double free at archive_read_format_rar_seek_data", but with the latest Redhat Redis image, those CVE issues are fixed already, pls review and use latest Redhat Redis Image.

Quay 3.14.6 Redis Image:

registry.redhat.io/rhel8/redis-6@sha256:cefc749916bb70a025acb560e3863e0593015832044b31d7e23e400e20b89bff

The latest Redhat Redis image:

https://catalog.redhat.com/en/software/containers/rhel8/redis-6/6065b06cdfe097aa13042b50#get-this-image

registry.redhat.io/rhel8/redis-6@sha256:c521ebfcd5c334c46b4bb7d8ddad270f789857de2fcc374c7ca338c078ec4b71

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

image-2025-12-17-14-59-08-097.png
153 kB
2025/12/17 6:59 AM
image-2025-12-17-14-59-42-131.png
80 kB
2025/12/17 6:59 AM
image-2025-12-17-15-00-19-925.png
122 kB
2025/12/17 7:00 AM
image-2025-12-17-15-01-02-558.png
610 kB
2025/12/17 7:01 AM
quay_redis_image_vulnerability-report.txt
344 kB
2025/12/17 7:04 AM

Assignee:: luffy zhang

Reporter:: luffy zhang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/12/17 7:03 AM

Updated:: 2025/12/17 10:01 AM

Details

Description

Attachments

Attachments

Easy Agile Planning Poker

Activity

People

Dates