| CVE | Severity | Date | Description | Statement / Details |
|---|---|---|---|---|
| CVE-2025-2877 | Important | 2025-03-25 | event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA | This flaw is rated as Important since it may potentially expose cleartext passwords to the user who started the Activation and to any user who has been granted privileges to observe the Activation. |
| CVE-2025-27516 | Important | 2025-03-05 | jinja2: Jinja sandbox breakout through attr filter selecting format method | This vulnerability is rated as important severity due to the potential for an attacker to bypass Jinja's sandbox by exploiting the |attr filter, by controlling template content, an attacker can execute arbitrary Python code, impacting the integrity, confidentiality, and availability of the system. While the attack requires user interaction to trigger untrusted templates, the risk is significant in applications that allow such templates to be executed. |
| CVE-2024-56201 | Important | 2024-12-23 | jinja2: Jinja has a sandbox breakout through malicious filenames | This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox. |
| CVE-2024-53908 | Important | 2024-12-04 | django: Potential SQL injection in HasKey(lhs, rhs) on Oracle | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) A vulnerability was found in the Django Web Framework. The direct usage of django.db.models.fields.json.HasKey may be vulnerable to SQL injection if untrusted data is used to perform queries. |
| CVE-2024-30251 | Important | 2024-05-02 | aiohttp: DoS when trying to parse malformed POST requests | Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit and could significantly impact availability. In order to exploit the bug, the attacker has to send a specially crafted POST request causing the server to go into an infinite loop. Red Hat Satellite has set a moderate impact of this issue as invalid requests which could trigger this bug such as no authentication or wrong path are unlikely possible or going to happen. |
| CVE-2024-1135 | Important | 2024-04-15 | python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers | Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure. An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks, including cache poisoning, session manipulation, and data exposure. |
| CVE-2023-45288 | Important | 2024-04-03 | golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS | Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own. This vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the “Affected Packages and Issued Red Hat Security Errata” section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio. Many components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are: * The container includes a package that provides a vulnerable webserver, but it is not used or running during operation * HTTP/2 is disabled by default and is not supported * Only a client implementation is provided, which is not vulnerable * A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled * Access to a vulnerable server is restricted within the container (loopback only connections) * Golang is available in the container but is not used Within the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available. Within Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component: * Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2 * Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected |
| CVE-2024-1394 | Important | 2024-03-20 | golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads | The majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a "Moderate" level of impact. |
| CVE-2024-1657 | Important | 2024-02-29 | platform: Insecure websocket used when interacting with EDA server | A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. |
| CVE-2024-26130 | Important | 2024-02-21 | python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override | The vulnerability in python-cryptography that leads to a NULL pointer dereference during the pkcs12.serialize_key_and_certificates function execution is classified as a moderate severity issue. While the vulnerability can result in a denial-of-service (DoS) by crashing the Python process, it requires specific conditions to trigger: a mismatch between the provided certificate's public key and private key, coupled with the use of an encryption algorithm with hmac_hash set. The exploitation of this vulnerability does not directly lead to arbitrary code execution or data leakage. Instead, it causes a controlled termination of the Python process, which, although disruptive, is not as critical as other vulnerabilities that can lead to unauthorized access, data corruption, or code injection. However, it's important to note that denial-of-service conditions can still have operational impacts, disrupting services or causing system instability. This issue does not affect Red Hat Enterprise Linux 6, 7, 8 and 9 as we dont ship the vulnerable code and package version. |
| CVE-2023-50447 | Important | 2024-01-19 | pillow: Arbitrary Code Execution via the environment parameter | The vulnerability in Pillow's PIL.ImageMath.eval function poses a significant threat due to its potential for arbitrary code execution. Pillow's widespread use in diverse domains makes this flaw particularly impactful, as it could lead to unauthorized access, data breaches, and compromise of entire systems. The complex exploitation method involving Python's dunder methods adds sophistication to potential attacks. |
| CVE-2023-44487 | Important | 2023-10-10 | HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) | NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive. The majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a "Moderate" level of impact. rhc component is no longer impacted by CVE-2023-44487 & CVE-2023-39325. |
| CVE-2023-39325 | Important | 2023-10-10 | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | This CVE is related to CVE-2023-44487. The majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a "Moderate" level of impact. |
| CVE-2025-43859 | Important | 2025-04-24 | h11: h11 accepts some malformed Chunked-Encoding bodies | h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue. A flaw was found in the h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators. |
| CVE-2025-1801 | Important | 2025-03-01 | aap-gateway: aap-gateway privilege escalation | Red Hat has evaluated this vulnerability. This issue only affects versions AAP 2.5 GA and onwards. |
| CVE-2024-56374 | Moderate | 2025-01-14 | django: potential denial-of-service vulnerability in IPv6 validation | Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-770: Allocation of Resources Without Limits or Throttling vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform enforces hardening guidelines to apply the most restrictive settings required for operations, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect excessive resource usage caused by malicious activity or system misconfigurations. In the event of exploitation, process isolation ensures workloads operate in separate environments, preventing any single process from overconsuming CPU or memory and degrading system performance. |
| CVE-2024-56326 | Moderate | 2024-12-23 | jinja2: Jinja has a sandbox breakout through indirect reference to format method | This vulnerability is rated as Moderate due to an oversight in Jinja's sandbox environment, allowing attackers to execute arbitrary Python code through controlled template content. This requires control over template content, making exploitation possible only in specific applications, thus limiting its overall impact. |
| CVE-2024-53907 | Moderate | 2024-12-04 | django: Potential denial-of-service in django.utils.html.strip_tags() | This vulnerability is rated as a Moderate severity because it exposes the strip_tags() method and striptags template filter to a potential denial-of-service attack, malicious input containing large sequences of nested incomplete HTML entities could cause excessive processing, but it does not affect data confidentiality or integrity |
| CVE-2024-11407 | Moderate | 2024-11-26 | grpc: Denial of Service through Data corruption in gRPC-C++ | There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 A flaw was found in gRPC. In certain configurations, the data sent by the application may be corrupted before transmission over the network, leaving the recipient with an incorrect set of bytes, which will cause RPC requests to fail. This issue may lead to a denial of service. |
| CVE-2024-52304 | Moderate | 2024-11-18 | aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions | Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications. |
| CVE-2024-9902 | Moderate | 2024-11-06 | ansible-core: Ansible-core user may read/write unauthorized content | A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. |
| CVE-2024-45801 | Moderate | 2024-09-16 | dompurify: XSS vulnerability via prototype pollution | The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk. |
| CVE-2024-8775 | Moderate | 2024-09-13 | ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging | This issue is classified as moderate rather than important because while it does expose sensitive information during playbook execution, the exposure is limited to logs and output generated during the run, which is typically accessible only to authorized users with sufficient privileges. The flaw does not result in an immediate or direct compromise of systems, as no remote exploitation vector is introduced. Additionally, the risk can be mitigated through proper configuration (`no_log: true`) and access control measures, reducing the likelihood of unauthorized access to the logged data. However, the unintentional disclosure of secrets like passwords or API keys still presents a potential risk for privilege escalation or lateral movement within an environment, justifying a moderate severity rating. |
| CVE-2024-45296 | Moderate | 2024-09-09 | path-to-regexp: Backtracking regular expressions cause ReDoS | path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS). |
| CVE-2024-6840 | Moderate | 2024-09-05 | automation-controller: Gain access to the k8s API server via job execution with Container Group | An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account. An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account. |
| CVE-2024-41989 | Moderate | 2024-08-06 | python-django: Memory exhaustion in django.utils.numberformat.floatformat() | This issue is categorized as moderate severity rather than important because, while it has the potential to cause significant memory consumption under specific conditions, the likelihood of such a scenario occurring in typical applications is relatively low. The issue arises primarily when processing extremely large numbers in scientific notation, which is not a common use case in most Django applications. Additionally, the impact is localized to the floatformat function, and the issue does not expose sensitive data or compromise the integrity of the application. |
| CVE-2024-41990 | Moderate | 2024-08-06 | python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. A flaw was found in Django. Processing very large inputs with a specific sequence of characters with the urlize and urlizetrunc functions can cause a denial of service. |
| CVE-2024-41991 | Moderate | 2024-08-06 | python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget | The identified vulnerability in Django's urlize, urlizetrunc template filters, and the AdminURLFieldWidget widget is classified as moderate severity rather than important due to its specific attack vector and impact. While the flaw allows for a potential denial-of-service (DoS) attack via inputs with a large number of Unicode characters, exploiting this vulnerability requires a significant volume of data to be processed by these components, which is a non-trivial task. Additionally, standard mitigation measures such as input validation, rate limiting, and monitoring can effectively reduce the risk. |
| CVE-2024-42005 | Moderate | 2024-08-06 | python-django: Potential SQL injection in QuerySet.values() and values_list() | This vulnerability is considered of moderate severity rather than high or critical because it requires specific conditions to be exploitable. The potential for SQL injection exists only when QuerySet.values() or values_list() methods are used on models with a JSONField, and an attacker must have control over the JSON object keys passed as arguments. In typical use cases, these methods are often used with predefined or controlled data, limiting the attack surface. Furthermore, the impact is constrained to the manipulation of column aliases, rather than direct injection into more critical parts of the SQL query, reducing the overall risk compared to more direct forms of SQL injection vulnerabilities. |
| CVE-2024-7246 | Moderate | 2024-08-06 | grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend | This vulnerability is specific to C++ implementations of gRPC release and does not affect Golang or Java implementations of gRPC. The gRPC RPM was packaged with Openshift via the Kuryr component. However, Kuryr was never configured to run code using the gRPC library, hence, grpcio dependency has been removed from Kuryr since Openshift-4.12. |
| CVE-2024-41810 | Moderate | 2024-07-29 | python-twisted: Reflected XSS via HTML Injection in Redirect Response | The vulnerability is exploitable only in Firefox. All other tested browsers will display an error message to the user and will not render the HTML body. |
| CVE-2024-38875 | Moderate | 2024-07-26 | python-django: Potential denial-of-service in django.utils.html.urlize() | An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. A vulnerability was found in the Django framework's urlize and urlizetrunc functions, where an attacker can input a certain string containing a large number of brackets, leads to a potential denial of service when the application attempts to process the excessive input. |
| CVE-2024-39614 | Moderate | 2024-07-09 | python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant() | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. A vulnerability was found in Python-Django in the get_supported_language_variant() function. The issue triggers when parsed with very long strings, including a specific set of characters, leading to a potential denial of service attack. |
| CVE-2024-5569 | Moderate | 2024-07-09 | github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp | A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp. A flaw was found in jaraco/zipp. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. |
| CVE-2024-21520 | Moderate | 2024-06-26 | djangorestframework: Cross-site Scripting (XSS) via break_long_headers | Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags. A vulnerability was found in the djangorestframework package. Cross-site scripting occurs via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags. |
| CVE-2024-37891 | Moderate | 2024-06-17 | urllib3: proxy-authorization request header is not stripped during cross-origin redirects | .egg-info packages, like urllib3-1.24.2-py3.6.egg-info, store only metadata such as package version and dependencies and do not contain any affected codebase. |
| CVE-2024-24790 | Moderate | 2024-06-04 | golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses | This CVE has been marked as moderate as for our products a network-based attack vector is simply impossible when it comes to golang code,apart from that as per CVE flaw analysis reported by golang, this only affects integrity and confidentiality and has no effect on availability, hence CVSS has been marked as such. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-115: Misinterpretation of Input vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Controls such as input validation and error handling mitigate input misinterpretation risks by enforcing strict validation rules and secure error management. Error handling ensures inputs are validated against predefined formats, preventing malformed data from being misinterpreted. Techniques like strong typing, allow listing, and proper encoding reduce the likelihood of injection attacks and unintended code execution. Input validation also ensures that errors do not expose sensitive system details or cause unpredictable behavior. Secure error handling prevents information leakage through detailed error messages while preserving system stability under malformed input conditions. Together, these controls reduce the attack surface by maintaining consistent input processing and preventing exploitable system states, strengthening the overall security posture. |
| CVE-2024-35195 | Moderate | 2024-05-20 | requests: subsequent requests to the same host ignore cert verification | Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-670: Always-Incorrect Control Flow Implementation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform's orchestration features, such as liveness and readiness probes, automated pod restarts, and health monitoring, help to quickly detect and recover from service-level failures resulting from incorrect control flows. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Additionally, process isolation ensures that component issues are contained within the originating process, preventing them from affecting other processes or the system as a whole. |
| CVE-2024-24788 | Moderate | 2024-05-08 | golang: net: malformed DNS message can cause infinite loop | Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform enforces hardening guidelines to ensure the most restrictive setting needed for operational requirements. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, enabling capabilities like excessive CPU usage, long execution times, or processes consuming abnormal amounts of memory. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing infinite loops caused by malformed or unexpected input, such as unbounded user input or unexpected null values that cause loops to never terminate. In the event of successful exploitation, process isolation limits the effect of an infinite loop to a single process rather than allowing it to consume all system resources. |
| CVE-2024-34064 | Moderate | 2024-05-06 | jinja2: accepts keys containing non-attribute characters | The fix for CVE-2024-22195 only addressed spaces, not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. Fence agents on RHEL 8 has been fixed as a part of https://access.redhat.com/errata/RHBA-2024:4238 |
| CVE-2024-4340 | Moderate | 2024-04-30 | sqlparse: parsing heavily nested list leads to denial of service | Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse(), where a recursion error may be triggered, which can lead to a denial of service. |
| CVE-2024-33663 | Moderate | 2024-04-26 | python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. |
| CVE-2024-32879 | Moderate | 2024-04-24 | python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django | Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. |
| CVE-2024-27306 | Moderate | 2024-04-18 | aiohttp: XSS on index pages for static file handling | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static(..., show_index=True)", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to cross-site scripting (XSS) attacks. |
| CVE-2024-3772 | Moderate | 2024-04-15 | python-pydantic: regular expression denial of service via crafted email string | Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of service attack via a crafted email string. |
| CVE-2024-3651 | Moderate | 2024-04-12 | python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() | The vulnerability in the idna.encode() function, allowing for resource consumption via specially crafted arguments, is categorized as a moderate severity issue due to its potential impact on system availability rather than data integrity or confidentiality. While the vulnerability can lead to a denial-of-service condition, it requires the passing of unusually large or maliciously crafted inputs to exploit. Normal usage scenarios typically do not encounter such inputs. |
| CVE-2024-28219 | Moderate | 2024-04-01 | python-pillow: buffer overflow in _imagingcms.c | This flaw can be triggered when the ImageCms.buildTransform function is called with the InMode or OutMode arguments with a string larger than 8 bytes. An application is not vulnerable if these parameters are not controlled by the user or are validated before the function is called. Additionally, the Pillow ImageCms module functions should not be exposed to untrusted usage without input validation. For this reason, this flaw has been rated with a moderate impact. |
| CVE-2024-21503 | Moderate | 2024-03-19 | psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file | Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. The python-black package is susceptible to a regular expression denial of service (ReDoS) vulnerability, found in the lines_with_leading_tabs_expanded() function within the strings.py file. This vulnerability could be exploited by running Black on untrusted input or by inserting numerous leading tab characters into docstrings. This flaw allows attackers to craft malicious input to trigger a denial of service. |
| CVE-2024-28849 | Moderate | 2024-03-14 | follow-redirects: Possible credential leak | follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality. |
| CVE-2024-28102 | Moderate | 2024-03-08 | python-jwcrypto: malicious JWE token can cause denial of service | The CVE-2024-28102 vulnerability in JWCrypto represents a moderate severity issue due to its potential impact on system availability and resource consumption. While the vulnerability allows for a denial of service (DoS) attack, it requires an attacker to craft a malicious JWE Token with a high compression ratio. This specific condition limits the practical exploitability of the vulnerability to some extent, as it demands a more sophisticated attack approach than common vulnerabilities. Nonetheless, if exploited, the vulnerability can lead to significant memory exhaustion and increased server processing time, impacting the overall performance and availability of the affected system. |
| CVE-2023-45290 | Moderate | 2024-03-05 | golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm | When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. |
| CVE-2024-24783 | Moderate | 2024-03-05 | golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm | Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. |
| CVE-2024-27351 | Moderate | 2024-03-04 | python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewords_html filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service. |
| CVE-2023-29483 | Moderate | 2024-02-09 | dnspython: denial of service in stub resolver | The vulnerability in dnspython where it may accept a malicious DNS response over a legitimate one due to timing issues poses a moderate severity risk. While the impact is limited to potential denial of service for DNS resolution requests, it requires precise timing and the ability to send malicious responses before legitimate ones arrive. This attack vector relies on the attacker's ability to predict or manipulate the timing of DNS responses, making it more complex to exploit compared to other vulnerabilities. However, if successfully exploited, it can disrupt DNS resolution services, affecting the availability of the targeted domain or service. |
| CVE-2024-24680 | Moderate | 2024-02-06 | Django: denial-of-service in ``intcomma`` template filter | Redhat has rated this vulnerability as moderate severity because exploitation of this vulnerability is only theoretical in nature and can only result in a denial of service bug. |
| CVE-2024-23334 | Moderate | 2024-01-30 | aiohttp: follow_symlinks directory traversal vulnerability | This vulnerability has been rated as having a moderate impact. There is a non-default precondition which is required to exploit it: the follow_symlinks setting needs to be enabled. |
| CVE-2024-23829 | Moderate | 2024-01-30 | python-aiohttp: http request smuggling | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability. An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of additional requests. |
| CVE-2024-0690 | Moderate | 2024-01-18 | ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. |
| CVE-2024-22195 | Moderate | 2024-01-11 | jinja2: HTML attribute injection when passing user input as keys to xmlattr filter | The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk. |
| CVE-2023-49295 | Moderate | 2024-01-10 | quic-go: memory exhaustion attack against QUIC's path validation mechanism | quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4. A memory exhaustion vulnerability was found in Quic-GO, where a malicious client exploits the path validation mechanism to induce the server into accumulating an unbounded queue of PATH_RESPONSE frames, depleting its memory. The attacker controls the victim's packet send rate by overwhelming the server with numerous packets containing PATH_CHALLENGE frames. Through selective acknowledgments of received packets and manipulation of peer's Round-Trip Time (RTT) estimates, the attacker induces congestion control mechanisms to reduce the server's send rate significantly. Consequently, the victim server is compelled to store an increasing number of queued PATH_RESPONSE frames, resulting in memory exhaustion. |
| CVE-2023-52323 | Moderate | 2024-01-05 | pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex | Red Hat Satellite ship affected version of pycryptodome for pulp_container, however, product is not vulnerable as it doesn't utilize OAEP algorithm technique. Red Hat Product Security has classified its impact as Low for Red Hat Satellite; future updates expected to address this issue. Red Hat OpenStack 16.1 and 16.2 versions include affected python-scciclient embedded through the python-crypto package, however, python-scciclient employs only one algorithm, which is AES. While the version of python-crypto we ship may be susceptible to a particular CVE, since affected algorithms are not utilized by OpenStack, the attack cannot be executed to exploit an OpenStack deployment |
| CVE-2023-39326 | Moderate | 2023-12-06 | golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests | Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks. |
| CVE-2023-49081 | Moderate | 2023-11-30 | aiohttp: HTTP request modification | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts. |
| CVE-2023-49083 | Moderate | 2023-11-28 | python-cryptography: NULL-dereference when loading PKCS7 certificates | This vulnerability arises when functions like "load_pem_pkcs7_certificates" or "load_der_pkcs7_certificates" are invoked, triggering the issue during the deserialization of PKCS7 blobs or certificates. The moderate rating is based on the fact that the vulnerability can lead to a segmentation fault, posing a risk of disrupting the normal functioning of any application attempting to deserialize the mentioned certificates. While the impact is significant in terms of service denial and potential system instability, the severity is deemed moderate as it does not directly expose sensitive data or allow for remote code execution, focusing primarily on the localized consequences of a DoS scenario. |
| CVE-2022-40896 | Moderate | 2023-11-26 | pygments: ReDoS in pygments | https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/ https://data.safetycli.com/vulnerabilities/CVE-2022-40896/58910/?utm_source=pyupio&utm_medium=redirect&utm_campaign=pyup_rd&utm_id=0817&utm_content=data Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Access to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute code or upload files. Red Hat enforces least functionality by enabling only essential features, services, and ports, and applies hardening guidelines to ensure the most restrictive configurations necessary for operational requirements. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code and files before execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing the impact. Finally, the ROSA platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen defenses against malicious file uploads and memory-based attacks. |
| CVE-2023-47627 | Moderate | 2023-11-15 | python-aiohttp: numerous issues in HTTP parser with header parsing | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues. An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests. |
| CVE-2023-45857 | Moderate | 2023-11-09 | axios: exposure of confidential data stored in cookies | For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue. |
| CVE-2023-5764 | Moderate | 2023-11-02 | ansible: Template Injection | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. |
| CVE-2023-46137 | Moderate | 2023-10-25 | python-twisted: disordered HTTP pipeline response in twisted.web | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue. |
| CVE-2023-43665 | Moderate | 2023-10-04 | python-django: Denial-of-service possibility in django.utils.text.Truncator | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs. |
| CVE-2023-43804 | Moderate | 2023-10-04 | python-urllib3: Cookie request header isn't stripped during cross-origin redirects | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. |
| CVE-2023-5189 | Moderate | 2023-09-26 | Hub: insecure galaxy-importer tarfile extraction | A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. |
| CVE-2023-5115 | Moderate | 2023-09-21 | Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files | An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. |
| CVE-2023-39321 | Moderate | 2023-09-06 | golang: crypto/tls: panic when processing post-handshake message on QUIC connections | Processing an incomplete post-handshake message for a QUIC connection can cause a panic. A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic. |
| CVE-2023-39322 | Moderate | 2023-09-06 | golang: crypto/tls: lack of a limit on buffered post-handshake | QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size. |
| CVE-2023-41164 | Moderate | 2023-09-04 | python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. An uncontrolled resource consumption vulnerability was found in Django. Feeding certain inputs with a very large number of Unicode characters to the URI to IRI encoder function can lead to a denial of service. |
| CVE-2023-41040 | Moderate | 2023-08-31 | GitPython: Blind local file inclusion | This vulnerability cannot be used to read the contents of files but could be used to trigger a denial of service for the program. |
| CVE-2023-4380 | Moderate | 2023-08-16 | platform: token exposed at importing project | A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. |
| CVE-2023-40267 | Moderate | 2023-08-11 | GitPython: Insecure non-multi options in clone and clone_from is not blocked | In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used. Red Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate. |
| CVE-2023-4237 | Moderate | 2023-08-08 | platform: ec2_key module prints out the private key directly to the standard output | A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. |
| CVE-2023-29409 | Moderate | 2023-08-02 | golang: crypto/tls: slow verification of certificate chains containing large RSA keys | Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks. |
| CVE-2023-3971 | Moderate | 2023-07-27 | Controller: Html injection in custom login info | An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. |
| CVE-2023-36053 | Moderate | 2023-07-03 | python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs. |
| CVE-2023-44271 | Moderate | 2023-06-30 | python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument | This security vulnerability is categorized as having a moderate impact because it only results in increased memory consumption when exceptionally long strings are utilized as text input. |
| CVE-2023-32681 | Moderate | 2023-05-23 | python-requests: Unintended leak of Proxy-Authorization header | Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080). |
| CVE-2023-24580 | Moderate | 2023-02-14 | python-django: Potential denial-of-service vulnerability in file uploads | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service. |
| CVE-2023-23931 | Moderate | 2023-02-08 | python-cryptography: memory corruption via immutable objects | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output. |
| CVE-2025-26699 | Moderate | 2025-03-06 | django: Potential denial-of-service vulnerability in django.utils.text.wrap() | This vulnerability is rated as a Moderate severity because it exposes the wrap() method and wordwrap template filter to a potential denial of service attack. Malicious input containing extremely long strings could cause excessive processing, leading to resource exhaustion. However, it does not affect data confidentiality or integrity. |
| CVE-2025-26791 | Moderate | 2025-02-14 | dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression. |
| CVE-2024-55565 | Moderate | 2024-12-09 | nanoid: nanoid mishandles non-integer values | nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. |
| CVE-2024-53259 | Moderate | 2024-12-02 | quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux | In regulated environments, certain controls are used together that help prevent CWE-345: Insufficient Verification of Data Authenticity. As a result, this vulnerability has been downgraded from Moderate to Low severity. Red Hat restricts access to all information contained within the platform by default. Access to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, ensuring that mechanisms such as digital signatures or certificates verify the authenticity and origin of data. External infrastructure and internal cluster certificates are established and maintained within the secure environment. The platform enforces validated cryptographic modules across all compute resources, helping prevent unauthorized actors from accessing or interpreting exposed information, even if it is intercepted. |
| CVE-2024-11483 | Moderate | 2024-11-20 | automation-gateway: aap-gateway: Improper Scope Handling in OAuth2 Tokens for AAP 2.5 | A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services. A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services. |
| CVE-2024-11079 | Moderate | 2024-11-11 | ansible-core: Unsafe Tagging Bypass via hostvars Object in Ansible-Core | A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. |
| CVE-2024-10033 | Moderate | 2024-10-16 | aap-gateway: XSS on aap-gateway | A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data. A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data. |
| CVE-2024-45230 | Moderate | 2024-09-03 | python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() | CVE-2024-45230 is classified as a moderate severity vulnerability because, while it presents a potential denial-of-service (DoS) risk, it does not directly expose the application to data breaches or arbitrary code execution. The vulnerability arises from inefficient handling of very large inputs with specific character sequences in the `urlize()` and `urlizetrunc()` functions. However, the attack requires carefully crafted input and only leads to resource exhaustion (such as CPU or memory overload) under specific conditions, making it less likely to be exploited in typical production environments. This reduces its impact compared to vulnerabilities that allow unauthorized access or significant system compromise, hence the moderate severity rating. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks. |
| CVE-2024-22189 | Moderate | 2024-04-04 | quic-go: memory exhaustion attack against QUIC's connection ID mechanism | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. A flaw was found in quic-go. This issue may allow an attacker to trigger a denial of service by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRE_CONNECTION_ID frame, but the attacker can prevent the receiver from sending out the vast majority of these RETIRE_CONNECTION_ID frames by selectively acknowledging received packets and collapsing the peers congestion window and by manipulating the peer's RTT estimate. |
| CVE-2024-39329 | Low | 2024-07-09 | python-django: Username enumeration through timing difference for users with unusable passwords | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate() method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. |
| CVE-2024-39330 | Low | 2024-07-09 | python-django: Potential directory-traversal in django.core.files.storage.Storage.save() | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) A vulnerability was found in Python-Django in the Derived classes of the django.core.files.storage.Storage base class that overrides the generate_filename() without replicating the file path validations existing in the parent class. This flaw allows potential directory traversal via certain inputs when calling save(). Built-in Storage sub-classes were not affected by this vulnerability. |
| CVE-2023-49082 | Low | 2023-11-29 | aiohttp: CRLF injection if user controls the HTTP method using aiohttp client | The vulnerability only occurs if the attacker can control the HTTP method (GET, POST etc.) of the request. |
| CVE-2023-5752 | Low | 2023-10-25 | pip: Mercurial configuration injectable in repo revision when installing via pip | Mercurial is not available in RHEL 8 and 9, so the vulnerability cannot be exploited. Without mercurial installed (the hg command), pip cannot clone and install from hg+http[s] URLs. |