RHSA-2023:2097HighCVSS 9.8

Red Hat Security Advisory: Satellite 6.13 Release

Published
May 3, 2023
Last Modified
June 6, 2026

🔗 CVE IDs covered (26)

📋 Description

CVE-2021-46877 — jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-22577 — rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack CVE-2022-23514 — rubygem-loofah: inefficient regular expression leading to denial of service CVE-2022-23515 — rubygem-loofah: Improper neutralization of data URIs leading to Cross Site Scripting CVE-2022-23516 — rubygem-loofah: Uncontrolled Recursion leading to denial of service CVE-2022-23517 — rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service CVE-2022-23518 — rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting CVE-2022-23519 — rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations CVE-2022-23520 — rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-27777 — tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers CVE-2022-31163 — rubygem-tzinfo: arbitrary code execution CVE-2022-32224 — activerecord: Possible RCE escalation bug with Serialized Columns in Active Record CVE-2022-33980 — apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults CVE-2022-38749 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode CVE-2022-38750 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject CVE-2022-38751 — snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match CVE-2022-38752 — snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode CVE-2022-41323 — python-django: Potential denial-of-service vulnerability in internationalized URLs CVE-2022-41946 — postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-23969 — python-django: Potential denial-of-service via Accept-Language headers CVE-2023-24580 — python-django: Potential denial-of-service vulnerability in file uploads

🔗 References (265)