关键信息 漏洞概述 公告编号: RHSA-2025:4511 发布日期: 2025-05-06 更新日期: 2025-05-06 类型/严重性: 安全公告 - 重要 影响的产品 Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64 Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64 固定的漏洞 CVE-2024-29041: express: cause malformed URLs to be evaluated CVE-2024-18183: npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript CVE-2024-21536: http-proxy-middleware: Denial of Service CVE-2025-27144: go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh CVE-2025-30204: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 参考链接 https://access.redhat.com/security/updates/classification/#important