Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-23829 (GCVE-0-2024-23829)
Vulnerability from cvelistv5 – Published: 2024-01-29 22:41 – Updated: 2025-11-03 20:36
VLAI
EPSS
Title
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
Severity
6.5 (Medium)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/aio-libs/aiohttp/security/advi… | x_refsource_CONFIRM |
| https://github.com/aio-libs/aiohttp/pull/8074 | x_refsource_MISC |
| https://github.com/aio-libs/aiohttp/commit/33ccdf… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:49.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"name": "https://github.com/aio-libs/aiohttp/pull/8074",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"name": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T16:40:08.863740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:29:17.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aiohttp",
"vendor": "aio-libs",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T03:06:26.337Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"name": "https://github.com/aio-libs/aiohttp/pull/8074",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"name": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"
}
],
"source": {
"advisory": "GHSA-8qpw-xqxj-h4r2",
"discovery": "UNKNOWN"
},
"title": "aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23829",
"datePublished": "2024-01-29T22:41:35.032Z",
"dateReserved": "2024-01-22T22:23:54.338Z",
"dateUpdated": "2025-11-03T20:36:49.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-23829",
"date": "2026-05-29",
"epss": "0.00488",
"percentile": "0.65755"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-23829\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-29T23:15:08.767\",\"lastModified\":\"2025-11-03T21:16:06.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.\"},{\"lang\":\"es\",\"value\":\"aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Las partes sensibles a la seguridad del analizador HTTP de Python conservaron diferencias menores en los conjuntos de caracteres permitidos, que deben activar el manejo de errores para hacer coincidir de manera s\u00f3lida los l\u00edmites de marco de los servidores proxy para proteger contra la inyecci\u00f3n de solicitudes adicionales. Adem\u00e1s, la validaci\u00f3n podr\u00eda desencadenar excepciones que no se manejaron de manera consistente con el procesamiento de otras entradas con formato incorrecto. Ser m\u00e1s indulgente de lo que exigen los est\u00e1ndares de Internet podr\u00eda, seg\u00fan el entorno de implementaci\u00f3n, ayudar en el contrabando de solicitudes. La excepci\u00f3n no controlada podr\u00eda causar un consumo excesivo de recursos en el servidor de aplicaciones y/o sus instalaciones de registro. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2023-47627. La versi\u00f3n 3.9.2 corrige esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.2\",\"matchCriteriaId\":\"A69737C5-7602-4816-A6FD-4483CDBE3C39\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/aio-libs/aiohttp/pull/8074\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/aio-libs/aiohttp/pull/8074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\", \"name\": \"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/aio-libs/aiohttp/pull/8074\", \"name\": \"https://github.com/aio-libs/aiohttp/pull/8074\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\", \"name\": \"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:36:49.579Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23829\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-01T16:40:08.863740Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T21:27:36.884Z\"}}], \"cna\": {\"title\": \"aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators\", \"source\": {\"advisory\": \"GHSA-8qpw-xqxj-h4r2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"aio-libs\", \"product\": \"aiohttp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.9.2\"}]}], \"references\": [{\"url\": \"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\", \"name\": \"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/aio-libs/aiohttp/pull/8074\", \"name\": \"https://github.com/aio-libs/aiohttp/pull/8074\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\", \"name\": \"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-09T03:06:26.337Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23829\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:36:49.579Z\", \"dateReserved\": \"2024-01-22T22:23:54.338Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-29T22:41:35.032Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
Уязвимость HTTP-клиента aiohttp, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"
Description
Уязвимость HTTP-клиента aiohttp связана с недостатками обработки HTTP-запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнять атаку "контрабанда HTTP-запросов"
Severity
Vendor
ООО «Ред Софт», Fedora Project, Сообщество свободного программного обеспечения
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Fedora, aiohttp
Software Version
7.3 (РЕД ОС), 39 (Fedora), до 3.9.2 (aiohttp)
Possible Mitigations
Использование рекомендаций:
Для aiohttp:
https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
https://github.com/aio-libs/aiohttp/pull/8074
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-444
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Fedora Project, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 39 (Fedora), \u0434\u043e 3.9.2 (aiohttp)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f aiohttp:\nhttps://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.02.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00996",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-23829",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Fedora, aiohttp",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Fedora Project Fedora 39 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c HTTP-\u043a\u043b\u0438\u0435\u043d\u0442\u0430 aiohttp, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \"\u043a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\"",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0027\u041a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u0027) (CWE-444)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c HTTP-\u043a\u043b\u0438\u0435\u043d\u0442\u0430 aiohttp \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \"\u043a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\"",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827\nhttps://github.com/aio-libs/aiohttp/pull/8074\nhttps://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-444",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CERTFR-2024-AVI-0199
Vulnerability from certfr_avis - Published: 2024-03-08 - Updated: 2024-03-08
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Service Registry and Repository versions 8.5.x antérieures à WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de sécurité V8.5.6.3_IJ50069 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.19.0 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.19.0 | ||
| IBM | Sterling | Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 10 | ||
| IBM | Sterling | Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 06 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Service Registry and Repository versions 8.5.x ant\u00e9rieures \u00e0 WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de s\u00e9curit\u00e9 V8.5.6.3_IJ50069",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 10",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 06",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2020-15106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2021-32760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
},
{
"name": "CVE-2023-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34478"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21334"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-47248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"
},
{
"name": "CVE-2018-16886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-22602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2023-40743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40743"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
}
],
"initial_release_date": "2024-03-08T00:00:00",
"last_revision_date": "2024-03-08T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7130806 du 07 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7130806"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129989 du 06 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129989"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129833 du 04 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129833"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129327 du 01 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129327"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129821 du 04 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129821"
}
]
}
CERTFR-2025-AVI-0538
Vulnerability from certfr_avis - Published: 2025-06-26 - Updated: 2025-06-26
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu pour Postgres versions antérieures à 13.21.0 | ||
| VMware | Tanzu | Tanzu pour Postgres versions 14.x antérieures à 14.18.0 | ||
| VMware | Tanzu | Tanzu pour Postgres versions 17.x antérieures à 17.5.0 | ||
| VMware | Tanzu | Tanzu pour Postgres versions 16x antérieures à 16.9.0 | ||
| VMware | Tanzu | Tanzu pour Postgres versions 15.x antérieures à 15.13.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 13.21.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 14.x ant\u00e9rieures \u00e0 14.18.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 17.x ant\u00e9rieures \u00e0 17.5.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 16x ant\u00e9rieures \u00e0 16.9.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions 15.x ant\u00e9rieures \u00e0 15.13.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2024-5998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5998"
},
{
"name": "CVE-2024-31583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31583"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-11392",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11392"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2024-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
},
{
"name": "CVE-2024-7804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7804"
},
{
"name": "CVE-2024-39705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39705"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-3571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3571"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3095"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2024-11393",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11393"
},
{
"name": "CVE-2024-28219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28219"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2024-12720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12720"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-5206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
},
{
"name": "CVE-2024-27454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27454"
},
{
"name": "CVE-2024-42367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42367"
},
{
"name": "CVE-2024-43497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43497"
},
{
"name": "CVE-2024-8309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8309"
},
{
"name": "CVE-2024-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0243"
},
{
"name": "CVE-2024-31580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31580"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2024-11394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11394"
},
{
"name": "CVE-2023-47248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-2965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2965"
},
{
"name": "CVE-2024-28088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28088"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-1455",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1455"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
}
],
"initial_release_date": "2025-06-26T00:00:00",
"last_revision_date": "2025-06-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0538",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35866",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35866"
},
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35867",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35867"
}
]
}
CERTFR-2026-AVI-0627
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.3 | ||
| Splunk | N/A | Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9 | ||
| Splunk | Splunk | image Docker Splunk versions 10.2.x antérieures à 10.2.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk | image Docker Splunk versions 9.4.x antérieures à 9.4.10 | ||
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5 | ||
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Analytics Agent | Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0 | ||
| Splunk | N/A | Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Machine Agent | Splunk AppDynamics Machine Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11 | ||
| Splunk | N/A | Splunk AppDynamics Python Agent versions antérieures à 26.4.1 | ||
| Splunk | Splunk | image Docker Splunk versions 10.0.x antérieures à 10.0.5 | ||
| Splunk | N/A | Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.6 | ||
| Splunk | N/A | Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk | image Docker Splunk versions 9.3.x antérieures à 9.3.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.12 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions antérieures à 26.4.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Analytics Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Machine Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2026-32777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2024-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2026-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-68384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2026-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2024-10220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2022-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2026-34876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
},
{
"name": "CVE-2025-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
},
{
"name": "CVE-2023-5590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2026-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
},
{
"name": "CVE-2026-25833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2026-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2026-32778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2026-25834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-34877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2026-34875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-33055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-28351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-34874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
},
{
"name": "CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2025-55159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2026-22702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-68390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2026-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2026-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2026-33056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
},
{
"name": "CVE-2026-25835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-34871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-32650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
},
{
"name": "CVE-2026-34873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
},
{
"name": "CVE-2026-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2023-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-25541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
},
{
"name": "CVE-2026-20239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
},
{
"name": "CVE-2026-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2026-20240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2026-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-1584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
},
{
"name": "CVE-2026-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2025-37731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
},
{
"name": "CVE-2026-24688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
},
{
"name": "CVE-2026-32776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
]
}
FKIE_CVE-2024-23829
Vulnerability from fkie_nvd - Published: 2024-01-29 23:15 - Updated: 2025-11-03 21:16
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 | Patch | |
| security-advisories@github.com | https://github.com/aio-libs/aiohttp/pull/8074 | Patch | |
| security-advisories@github.com | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2 | Exploit, Patch, Vendor Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aio-libs/aiohttp/pull/8074 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/ | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aiohttp | aiohttp | * | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A69737C5-7602-4816-A6FD-4483CDBE3C39",
"versionEndExcluding": "3.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Las partes sensibles a la seguridad del analizador HTTP de Python conservaron diferencias menores en los conjuntos de caracteres permitidos, que deben activar el manejo de errores para hacer coincidir de manera s\u00f3lida los l\u00edmites de marco de los servidores proxy para proteger contra la inyecci\u00f3n de solicitudes adicionales. Adem\u00e1s, la validaci\u00f3n podr\u00eda desencadenar excepciones que no se manejaron de manera consistente con el procesamiento de otras entradas con formato incorrecto. Ser m\u00e1s indulgente de lo que exigen los est\u00e1ndares de Internet podr\u00eda, seg\u00fan el entorno de implementaci\u00f3n, ayudar en el contrabando de solicitudes. La excepci\u00f3n no controlada podr\u00eda causar un consumo excesivo de recursos en el servidor de aplicaciones y/o sus instalaciones de registro. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2023-47627. La versi\u00f3n 3.9.2 corrige esta vulnerabilidad."
}
],
"id": "CVE-2024-23829",
"lastModified": "2025-11-03T21:16:06.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-29T23:15:08.767",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-8QPW-XQXJ-H4R2
Vulnerability from github – Published: 2024-01-29 22:30 – Updated: 2025-11-03 22:35
VLAI
Summary
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Details
Summary
Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input.
Details
These problems are rooted in pattern matching protocol elements, previously improved by PR #3235 and GHSA-gfw2-4jvh-wgfg:
-
The expression
HTTP/(\d).(\d)lacked another backslash to clarify that the separator should be a literal dot, not just any Unicode code point (result:HTTP/(\d)\.(\d)). -
The HTTP version was permitting Unicode digits, where only ASCII digits are standards-compliant.
-
Distinct regular expressions for validating HTTP Method and Header field names were used - though both should (at least) apply the common restrictions of rfc9110
token.
PoC
GET / HTTP/1ö1
GET / HTTP/1.𝟙
GET/: HTTP/1.1
Content-Encoding?: chunked
Impact
Primarily concerns running an aiohttp server without llhttp: 1. behind a proxy: Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. 2. directly accessible or exposed behind proxies relaying malformed input: the unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities.
Patch: https://github.com/aio-libs/aiohttp/pull/8074/files
Severity
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aiohttp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-23829"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-29T22:30:07Z",
"nvd_published_at": "2024-01-29T23:15:08Z",
"severity": "MODERATE"
},
"details": "### Summary\nSecurity-sensitive parts of the *Python HTTP parser* retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input.\n\n### Details\nThese problems are rooted in pattern matching protocol elements, previously improved by PR #3235 and GHSA-gfw2-4jvh-wgfg:\n\n1. The expression `HTTP/(\\d).(\\d)` lacked another backslash to clarify that the separator should be a literal dot, not just *any* Unicode code point (result: `HTTP/(\\d)\\.(\\d)`).\n\n2. The HTTP version was permitting Unicode digits, where only ASCII digits are standards-compliant.\n\n3. Distinct regular expressions for validating HTTP Method and Header field names were used - though both should (at least) apply the common restrictions of rfc9110 `token`.\n\n### PoC\n`GET / HTTP/1\u00f61`\n`GET / HTTP/1.\ud835\udfd9`\n`GET/: HTTP/1.1`\n`Content-Encoding?: chunked`\n\n### Impact\nPrimarily concerns running an aiohttp server without llhttp:\n 1. **behind a proxy**: Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling.\n 2. **directly accessible** or exposed behind proxies relaying malformed input: the unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/pull/8074/files",
"id": "GHSA-8qpw-xqxj-h4r2",
"modified": "2025-11-03T22:35:14Z",
"published": "2024-01-29T22:30:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/pull/3235"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/pull/8074/files"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"type": "PACKAGE",
"url": "https://github.com/aio-libs/aiohttp"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators"
}
GSD-2024-23829
Vulnerability from gsd - Updated: 2024-01-23 06:02Details
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-23829"
],
"details": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.",
"id": "GSD-2024-23829",
"modified": "2024-01-23T06:02:22.191716Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-23829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "aiohttp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 3.9.2"
}
]
}
}
]
},
"vendor_name": "aio-libs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-444",
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"refsource": "MISC",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"name": "https://github.com/aio-libs/aiohttp/pull/8074",
"refsource": "MISC",
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"name": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827",
"refsource": "MISC",
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"
}
]
},
"source": {
"advisory": "GHSA-8qpw-xqxj-h4r2",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A69737C5-7602-4816-A6FD-4483CDBE3C39",
"versionEndExcluding": "3.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Las partes sensibles a la seguridad del analizador HTTP de Python conservaron diferencias menores en los conjuntos de caracteres permitidos, que deben activar el manejo de errores para hacer coincidir de manera s\u00f3lida los l\u00edmites de marco de los servidores proxy para proteger contra la inyecci\u00f3n de solicitudes adicionales. Adem\u00e1s, la validaci\u00f3n podr\u00eda desencadenar excepciones que no se manejaron de manera consistente con el procesamiento de otras entradas con formato incorrecto. Ser m\u00e1s indulgente de lo que exigen los est\u00e1ndares de Internet podr\u00eda, seg\u00fan el entorno de implementaci\u00f3n, ayudar en el contrabando de solicitudes. La excepci\u00f3n no controlada podr\u00eda causar un consumo excesivo de recursos en el servidor de aplicaciones y/o sus instalaciones de registro. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2023-47627. La versi\u00f3n 3.9.2 corrige esta vulnerabilidad."
}
],
"id": "CVE-2024-23829",
"lastModified": "2024-02-09T03:15:09.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-01-29T23:15:08.767",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
MSRC_CVE-2024-23829
Vulnerability from csaf_microsoft - Published: 2024-01-01 08:00 - Updated: 2026-02-18 14:49Summary
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-444
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Affected products
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23829 aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-23829.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators",
"tracking": {
"current_release_date": "2026-02-18T14:49:03.000Z",
"generator": {
"date": "2026-02-21T01:47:58.653Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-23829",
"initial_release_date": "2024-01-01T08:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T23:12:33.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T14:49:03.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 mozjs 102.15.1-1",
"product": {
"name": "azl3 mozjs 102.15.1-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mozjs 102.15.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23829",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0026#39;HTTP Request/Response Smuggling\u0026#39;)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23829 aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-23829.json"
}
],
"title": "aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators"
}
]
}
PYSEC-2024-26
Vulnerability from pysec - Published: 2024-01-29 23:15 - Updated: 2024-02-06 20:20
VLAI
Details
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
Severity
6.5 (Medium)
Impacted products
| Name | purl | aiohttp | pkg:pypi/aiohttp |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aiohttp",
"purl": "pkg:pypi/aiohttp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "33ccdfb0a12690af5bb49bda2319ec0907fa7827"
}
],
"repo": "https://github.com/aio-libs/aiohttp",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1",
"0.10.0",
"0.10.1",
"0.10.2",
"0.11.0",
"0.12.0",
"0.13.0",
"0.13.1",
"0.14.0",
"0.14.1",
"0.14.2",
"0.14.3",
"0.14.4",
"0.15.0",
"0.15.1",
"0.15.2",
"0.15.3",
"0.16.0",
"0.16.1",
"0.16.2",
"0.16.3",
"0.16.4",
"0.16.5",
"0.16.6",
"0.17.0",
"0.17.1",
"0.17.2",
"0.17.3",
"0.17.4",
"0.18.0",
"0.18.1",
"0.18.2",
"0.18.3",
"0.18.4",
"0.19.0",
"0.2",
"0.20.0",
"0.20.1",
"0.20.2",
"0.21.0",
"0.21.1",
"0.21.2",
"0.21.4",
"0.21.5",
"0.21.6",
"0.22.0",
"0.22.0a0",
"0.22.0b0",
"0.22.0b1",
"0.22.0b2",
"0.22.0b3",
"0.22.0b4",
"0.22.0b5",
"0.22.0b6",
"0.22.1",
"0.22.2",
"0.22.3",
"0.22.4",
"0.22.5",
"0.3",
"0.4",
"0.4.1",
"0.4.2",
"0.4.3",
"0.4.4",
"0.5.0",
"0.6.0",
"0.6.1",
"0.6.2",
"0.6.3",
"0.6.4",
"0.6.5",
"0.7.0",
"0.7.1",
"0.7.2",
"0.7.3",
"0.8.0",
"0.8.1",
"0.8.2",
"0.8.3",
"0.8.4",
"0.9.0",
"0.9.1",
"0.9.2",
"0.9.3",
"1.0.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.5",
"1.1.0",
"1.1.1",
"1.1.2",
"1.1.3",
"1.1.4",
"1.1.5",
"1.1.6",
"1.2.0",
"1.3.0",
"1.3.1",
"1.3.2",
"1.3.3",
"1.3.4",
"1.3.5",
"2.0.0",
"2.0.0rc1",
"2.0.1",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.1.0",
"2.2.0",
"2.2.1",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.3.0",
"2.3.0a1",
"2.3.0a2",
"2.3.0a3",
"2.3.0a4",
"2.3.1",
"2.3.10",
"2.3.1a1",
"2.3.2",
"2.3.2b2",
"2.3.2b3",
"2.3.3",
"2.3.4",
"2.3.5",
"2.3.6",
"2.3.7",
"2.3.8",
"2.3.9",
"3.0.0",
"3.0.0b0",
"3.0.0b1",
"3.0.0b2",
"3.0.0b3",
"3.0.0b4",
"3.0.1",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.0.6",
"3.0.7",
"3.0.8",
"3.0.9",
"3.1.0",
"3.1.1",
"3.1.2",
"3.1.3",
"3.2.0",
"3.2.1",
"3.3.0",
"3.3.0a0",
"3.3.1",
"3.3.2",
"3.3.2a0",
"3.4.0",
"3.4.0a0",
"3.4.0a3",
"3.4.0b1",
"3.4.0b2",
"3.4.1",
"3.4.2",
"3.4.3",
"3.4.4",
"3.5.0",
"3.5.0a1",
"3.5.0b1",
"3.5.0b2",
"3.5.0b3",
"3.5.1",
"3.5.2",
"3.5.3",
"3.5.4",
"3.6.0",
"3.6.0a0",
"3.6.0a1",
"3.6.0a11",
"3.6.0a12",
"3.6.0a2",
"3.6.0a3",
"3.6.0a4",
"3.6.0a5",
"3.6.0a6",
"3.6.0a7",
"3.6.0a8",
"3.6.0a9",
"3.6.0b0",
"3.6.1",
"3.6.1b3",
"3.6.1b4",
"3.6.2",
"3.6.2a0",
"3.6.2a1",
"3.6.2a2",
"3.6.3",
"3.7.0",
"3.7.0b0",
"3.7.0b1",
"3.7.1",
"3.7.2",
"3.7.3",
"3.7.4",
"3.7.4.post0",
"3.8.0",
"3.8.0a7",
"3.8.0b0",
"3.8.1",
"3.8.2",
"3.8.3",
"3.8.4",
"3.8.5",
"3.8.6",
"3.9.0",
"3.9.0b0",
"3.9.0b1",
"3.9.0rc0",
"3.9.1"
]
}
],
"aliases": [
"CVE-2024-23829",
"GHSA-8qpw-xqxj-h4r2"
],
"details": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.",
"id": "PYSEC-2024-26",
"modified": "2024-02-06T20:20:18.162431+00:00",
"published": "2024-01-29T23:15:00+00:00",
"references": [
{
"type": "EVIDENCE",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"type": "FIX",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"type": "ADVISORY",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
},
{
"type": "FIX",
"url": "https://github.com/aio-libs/aiohttp/pull/8074"
},
{
"type": "FIX",
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"
},
{
"type": "ARTICLE",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
RHSA-2024:1536
Vulnerability from csaf_redhat - Published: 2024-03-27 13:22 - Updated: 2026-04-30 16:23Summary
Red Hat Security Advisory: Satellite 6.14.3 Async Security Update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat Satellite 6.14 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact
of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: http request smuggling (CVE-2024-23829)
* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
Bug Fix(es):
2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.
2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content
2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint "rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq"
2266140 - wrong links to provisioning guide in CR help
2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors
2266144 - Promoting a composite content view to environment with registry name as "<%= lifecycle_environment.label %>/<%= repository.name %>" on Red Hat Satellite 6 fails with "'undefined method '#label' for NilClass::Jail (NilClass)'"
2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate
2266146 - katello:reimport fails with "TypeError: no implicit conversion of String into Integer" when there are product contents to move
2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_available_module_streams_name_stream_context"
2266148 - Adding a CV to a CCV lists CV versions disorderly
2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step
2266413 - [RFE] "Add content view" window and "Update version" window should display content view version, description and publishing date
2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.
2266141 - wrong link to scap content documentation
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
6.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Threats
Impact
Moderate
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Threats
Impact
Moderate
An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
Known not affected
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Threats
Impact
Moderate
A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts.
5.8 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
Known not affected
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Threats
Impact
Moderate
A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.
5.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if a given file path is within the root directory. This issue can lead to a directory traversal vulnerability, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.
5.9 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Workaround
|
Threats
Impact
Moderate
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of additional requests.
6.5 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 | — |
Vendor Fix
fix
|
Known not affected
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src | — |
Threats
Impact
Moderate
References
60 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:1536 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234387 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2241046 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2249825 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252235 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2257854 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2261887 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2261909 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266107 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266110 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266113 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266139 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266140 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266141 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266142 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266144 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266145 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266146 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266147 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266148 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266149 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2266413 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-5189 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234387 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-5189 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-5189 | external |
| https://access.redhat.com/security/cve/CVE-2023-43665 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2241046 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-43665 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-43665 | external |
| https://www.djangoproject.com/weblog/2023/oct/04/… | external |
| https://access.redhat.com/security/cve/CVE-2023-47627 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2249825 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47627 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47627 | external |
| https://github.com/aio-libs/aiohttp/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2023-49081 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252235 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-49081 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-49081 | external |
| https://github.com/aio-libs/aiohttp/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2024-22195 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2257854 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-22195 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-22195 | external |
| https://github.com/pallets/jinja/releases/tag/3.1.3 | external |
| https://github.com/pallets/jinja/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2024-23334 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2261887 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-23334 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-23334 | external |
| https://github.com/aio-libs/aiohttp/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2024-23829 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2261909 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-23829 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-23829 | external |
| https://github.com/aio-libs/aiohttp/security/advi… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Satellite 6.14 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\nSecurity Fix(es):\n\n* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)\n* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)\n* python-aiohttp: http request smuggling (CVE-2024-23829)\n* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)\n* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)\n* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)\n* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)\n\nBug Fix(es):\n2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.\n2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content\n2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint \"rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq\"\n2266140 - wrong links to provisioning guide in CR help\n2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors\n2266144 - Promoting a composite content view to environment with registry name as \"\u003c%= lifecycle_environment.label %\u003e/\u003c%= repository.name %\u003e\" on Red Hat Satellite 6 fails with \"\u0027undefined method \u0027#label\u0027 for NilClass::Jail (NilClass)\u0027\"\n2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate\n2266146 - katello:reimport fails with \"TypeError: no implicit conversion of String into Integer\" when there are product contents to move\n2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint \"katello_available_module_streams_name_stream_context\"\n2266148 - Adding a CV to a CCV lists CV versions disorderly\n2266149 - \u0027Remove orphans\u0027 task fails on DeleteOrphanAlternateContentSources step\n2266413 - [RFE] \"Add content view\" window and \"Update version\" window should display content view version, description and publishing date \n2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.\n2266141 - wrong link to scap content documentation \nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1536",
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2234387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"category": "external",
"summary": "2241046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046"
},
{
"category": "external",
"summary": "2249825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249825"
},
{
"category": "external",
"summary": "2252235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252235"
},
{
"category": "external",
"summary": "2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "2261887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261887"
},
{
"category": "external",
"summary": "2261909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261909"
},
{
"category": "external",
"summary": "2266107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266107"
},
{
"category": "external",
"summary": "2266110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266110"
},
{
"category": "external",
"summary": "2266113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266113"
},
{
"category": "external",
"summary": "2266139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266139"
},
{
"category": "external",
"summary": "2266140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266140"
},
{
"category": "external",
"summary": "2266141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266141"
},
{
"category": "external",
"summary": "2266142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266142"
},
{
"category": "external",
"summary": "2266144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266144"
},
{
"category": "external",
"summary": "2266145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266145"
},
{
"category": "external",
"summary": "2266146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266146"
},
{
"category": "external",
"summary": "2266147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266147"
},
{
"category": "external",
"summary": "2266148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266148"
},
{
"category": "external",
"summary": "2266149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266149"
},
{
"category": "external",
"summary": "2266413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266413"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1536.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.3 Async Security Update",
"tracking": {
"current_release_date": "2026-04-30T16:23:05+00:00",
"generator": {
"date": "2026-04-30T16:23:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:1536",
"initial_release_date": "2024-03-27T13:22:31+00:00",
"revision_history": [
{
"date": "2024-03-27T13:22:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-27T13:22:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:23:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:4.3.12-1.el8sat.src",
"product": {
"name": "candlepin-0:4.3.12-1.el8sat.src",
"product_id": "candlepin-0:4.3.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.12-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product_id": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-aiohttp@3.9.2-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product_id": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ansible-builder@1.2.0-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product_id": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-async-timeout@4.0.3-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.22-1.el8pc.src",
"product": {
"name": "python-django-0:3.2.22-1.el8pc.src",
"product_id": "python-django-0:3.2.22-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.22-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product_id": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flake8@5.0.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product_id": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-galaxy-importer@0.4.18-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product_id": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jinja2@3.1.3-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product_id": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-mccabe@0.7.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product_id": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.22.22-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product_id": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-rpm@3.19.12-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product_id": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pycodestyle@2.9.1-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product_id": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyflakes@2.5.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product_id": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@12.0.0.8-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product_id": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_virt_who_configure@0.5.19-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product_id": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-hammer_cli_katello@1.9.1.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product_id": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.23-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.3-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.3-1.el8sat.src",
"product_id": "satellite-0:6.14.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:0.0.0.1-1.src",
"product": {
"name": "satellite-lifecycle-0:0.0.0.1-1.src",
"product_id": "satellite-lifecycle-0:0.0.0.1-1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@0.0.0.1-1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:4.3.12-1.el8sat.noarch",
"product": {
"name": "candlepin-0:4.3.12-1.el8sat.noarch",
"product_id": "candlepin-0:4.3.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product": {
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product_id": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@4.3.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product_id": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-ansible-builder@1.2.0-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product_id": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-async-timeout@4.0.3-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.22-1.el8pc.noarch",
"product": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch",
"product_id": "python39-django-0:3.2.22-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.22-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product_id": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-flake8@5.0.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product_id": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-galaxy-importer@0.4.18-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product_id": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-jinja2@3.1.3-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product_id": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-mccabe@0.7.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.22.22-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product_id": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-rpm@3.19.12-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product_id": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pycodestyle@2.9.1-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product_id": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pyflakes@2.5.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product_id": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@12.0.0.8-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product_id": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_virt_who_configure@0.5.19-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product_id": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-hammer_cli_katello@1.9.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product": {
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product_id": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@0.0.0.1-1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-aiohttp@3.9.2-0.1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-aiohttp-debugsource@3.9.2-0.1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-aiohttp-debuginfo@3.9.2-0.1.el8pc?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src"
},
"product_reference": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src"
},
"product_reference": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src"
},
"product_reference": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.22-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.22-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src"
},
"product_reference": "python-flake8-0:5.0.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src"
},
"product_reference": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src"
},
"product_reference": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.22-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src"
},
"product_reference": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src"
},
"product_reference": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch"
},
"product_reference": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch"
},
"product_reference": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.22-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch"
},
"product_reference": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
},
"product_reference": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
},
"product_reference": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch"
},
"product_reference": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch"
},
"product_reference": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch"
},
"product_reference": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch"
},
"product_reference": "candlepin-0:4.3.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.12-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src"
},
"product_reference": "candlepin-0:4.3.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch"
},
"product_reference": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src"
},
"product_reference": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src"
},
"product_reference": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src"
},
"product_reference": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.22-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.22-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src"
},
"product_reference": "python-flake8-0:5.0.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src"
},
"product_reference": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src"
},
"product_reference": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.22-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src"
},
"product_reference": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src"
},
"product_reference": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch"
},
"product_reference": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch"
},
"product_reference": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.22-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch"
},
"product_reference": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
},
"product_reference": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
},
"product_reference": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch"
},
"product_reference": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch"
},
"product_reference": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch"
},
"product_reference": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src"
},
"product_reference": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src"
},
"product_reference": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch"
},
"product_reference": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:0.0.0.1-1.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
},
"product_reference": "satellite-lifecycle-0:0.0.0.1-1.src",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5189",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2023-08-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2234387"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Hub: insecure galaxy-importer tarfile extraction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"category": "external",
"summary": "RHBZ#2234387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5189"
}
],
"release_date": "2023-09-26T05:28:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Hub: insecure galaxy-importer tarfile extraction"
},
{
"cve": "CVE-2023-43665",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-09-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241046"
}
],
"notes": [
{
"category": "description",
"text": "An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Denial-of-service possibility in django.utils.text.Truncator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43665"
},
{
"category": "external",
"summary": "RHBZ#2241046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"
}
],
"release_date": "2023-10-04T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Denial-of-service possibility in django.utils.text.Truncator"
},
{
"cve": "CVE-2023-47627",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-11-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249825"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-aiohttp: numerous issues in HTTP parser with header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47627"
},
{
"category": "external",
"summary": "RHBZ#2249825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-aiohttp: numerous issues in HTTP parser with header parsing"
},
{
"cve": "CVE-2023-49081",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252235"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: HTTP request modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49081"
},
{
"category": "external",
"summary": "RHBZ#2252235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49081"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2"
}
],
"release_date": "2023-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "aiohttp: HTTP request modification"
},
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2257854"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "RHBZ#2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
}
],
"release_date": "2024-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter"
},
{
"cve": "CVE-2024-23334",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-01-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2261887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option \u0027follow_symlinks\u0027 can be used to determine whether to follow symbolic links outside the static root directory. When \u0027follow_symlinks\u0027 is set to True, there is no validation to check if a given file path is within the root directory. This issue can lead to a directory traversal vulnerability, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: follow_symlinks directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having a moderate impact. There is a non-default precondition which is required to exploit it: the follow_symlinks setting needs to be enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23334"
},
{
"category": "external",
"summary": "RHBZ#2261887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23334",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23334"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f"
}
],
"release_date": "2024-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "workaround",
"details": "If using follow_symlinks=True outside of a restricted local development environment, disable the option immediately. This option is NOT needed to follow symlinks that point to a location within the static root directory; it is only intended to allow a symlink to break out of the static directory. Even with this CVE fixed, there is still a substantial risk of misconfiguration when using this option on a server that accepts requests from remote users.\n\nAdditionally, aiohttp has always recommended using a reverse proxy server (such as nginx) to handle static resources and not to use these static resources in aiohttp for production environments. Doing so also protects against this vulnerability, and is why we expect the number of affected users to be very low.",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "aiohttp: follow_symlinks directory traversal vulnerability"
},
{
"cve": "CVE-2024-23829",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2024-01-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2261909"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of additional requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-aiohttp: http request smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23829"
},
{
"category": "external",
"summary": "RHBZ#2261909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
}
],
"release_date": "2024-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-aiohttp: http request smuggling"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…