Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
🔗 CVE IDs covered (12)
📋 Description
CVE-2023-39326 — golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
CVE-2023-41040 — GitPython: Blind local file inclusion
CVE-2023-45857 — axios: exposure of confidential data stored in cookies
CVE-2023-46137 — python-twisted: disordered HTTP pipeline response in twisted.web
CVE-2023-47627 — python-aiohttp: numerous issues in HTTP parser with header parsing
CVE-2023-49083 — python-cryptography: NULL-dereference when loading PKCS7 certificates
CVE-2024-1394 — golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
CVE-2024-22195 — jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
CVE-2024-23334 — aiohttp: follow_symlinks directory traversal vulnerability
CVE-2024-23829 — python-aiohttp: http request smuggling
CVE-2024-24680 — Django: denial-of-service in intcomma template filter
CVE-2024-27351 — python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2024:1640
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2246264
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2247040
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2248979
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2249825
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2253330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2255331
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2257854
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2261856
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2261887
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2261909
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262921
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2266045
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1640.json