RHSA-2024:1640MediumCVSS 7.5

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

Published
April 2, 2024
Last Modified
July 3, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2023-39326 — golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests CVE-2023-41040 — GitPython: Blind local file inclusion CVE-2023-45857 — axios: exposure of confidential data stored in cookies CVE-2023-46137 — python-twisted: disordered HTTP pipeline response in twisted.web CVE-2023-47627 — python-aiohttp: numerous issues in HTTP parser with header parsing CVE-2023-49083 — python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2024-1394 — golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-22195 — jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-23334 — aiohttp: follow_symlinks directory traversal vulnerability CVE-2024-23829 — python-aiohttp: http request smuggling CVE-2024-24680 — Django: denial-of-service in intcomma template filter CVE-2024-27351 — python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

🔗 References (15)