ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Ansible Automation Platform
Subscriptions
Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24539 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2025-01-24 | 7.3 High |
| Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | ||||
| CVE-2024-21520 | 2 Django-rest-framework, Redhat | 2 Django Rest Framework, Ansible Automation Platform | 2024-12-31 | 6.1 Medium |
| Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. | ||||
| CVE-2024-56326 | 1 Redhat | 14 Ansible Automation Platform, Discovery, Enterprise Linux and 11 more | 2024-12-27 | 7.8 High |
| Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. | ||||
| CVE-2024-55565 | 1 Redhat | 11 Acm, Ansible Automation Platform, Discovery and 8 more | 2024-12-12 | 4.3 Medium |
| nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. | ||||
| CVE-2024-53259 | 1 Redhat | 2 Acm, Ansible Automation Platform | 2024-12-02 | 6.5 Medium |
| quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. | ||||
| CVE-2022-40896 | 2 Pygments, Redhat | 4 Pygments, Ansible Automation Platform, Satellite and 1 more | 2024-11-27 | 5.5 Medium |
| A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | ||||
| CVE-2023-46137 | 2 Redhat, Twisted | 3 Ansible Automation Platform, Openstack, Twisted | 2024-11-25 | 5.3 Medium |
| Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue. | ||||
| CVE-2024-5569 | 1 Redhat | 5 Ansible Automation Platform, Openshift Ironic, Openstack and 2 more | 2024-11-21 | 6.2 Medium |
| A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp. | ||||
| CVE-2024-4340 | 1 Redhat | 5 Ansible Automation Platform, Openstack, Rhui and 2 more | 2024-11-21 | 7.5 High |
| Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. | ||||
| CVE-2024-41810 | 2 Redhat, Twisted | 2 Ansible Automation Platform, Twisted | 2024-11-21 | 6.1 Medium |
| Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1. | ||||
| CVE-2024-37891 | 1 Redhat | 10 Ansible Automation Platform, Enterprise Linux, Openstack and 7 more | 2024-11-21 | 4.4 Medium |
| urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations. | ||||
| CVE-2024-33663 | 1 Redhat | 1 Ansible Automation Platform | 2024-11-21 | 6.5 Medium |
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | ||||
| CVE-2024-32879 | 2 Python-social-auth, Redhat | 2 Social-app-django, Ansible Automation Platform | 2024-11-21 | 4.9 Medium |
| Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. | ||||
| CVE-2024-28219 | 1 Redhat | 4 Ansible Automation Platform, Enterprise Linux, Satellite and 1 more | 2024-11-21 | 6.7 Medium |
| In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | ||||
| CVE-2024-28102 | 1 Redhat | 2 Ansible Automation Platform, Enterprise Linux | 2024-11-21 | 6.8 Medium |
| JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. | ||||
| CVE-2024-27351 | 1 Redhat | 5 Ansible Automation Platform, Openstack, Rhui and 2 more | 2024-11-21 | 5.3 Medium |
| In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. | ||||
| CVE-2024-22189 | 1 Redhat | 4 Acm, Ansible Automation Platform, Openshift and 1 more | 2024-11-21 | 7.5 High |
| quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-21503 | 2 Python Software Foundation, Redhat | 2 Black, Ansible Automation Platform | 2024-11-21 | 5.3 Medium |
| Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. | ||||
| CVE-2023-50447 | 3 Debian, Python, Redhat | 8 Debian Linux, Pillow, Ansible Automation Platform and 5 more | 2024-11-21 | 8.1 High |
| Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | ||||
| CVE-2023-49082 | 2 Aiohttp, Redhat | 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more | 2024-11-21 | 5.3 Medium |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | ||||