RHSA-2025:1249HighCVSS 7.5

Red Hat Security Advisory: updated discovery container images

Published
February 10, 2025
Last Modified
July 3, 2026

🔗 CVE IDs covered (25)

📋 Description

CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2023-44270 — PostCSS: Improper input validation in PostCSS CVE-2024-6485 — bootstrap: Cross-Site Scripting via button plugin on bootstrap CVE-2024-8775 — ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging CVE-2024-21536 — http-proxy-middleware: Denial of Service CVE-2024-21538 — cross-spawn: regular expression denial of service CVE-2024-31228 — redis: Denial-of-service due to unbounded pattern matching in Redis CVE-2024-31449 — redis: Lua library commands may lead to stack overflow and RCE in Redis CVE-2024-39338 — axios: axios: Server-Side Request Forgery CVE-2024-41989 — python-django: Memory exhaustion in django.utils.numberformat.floatformat() CVE-2024-41991 — python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget CVE-2024-42005 — python-django: Potential SQL injection in QuerySet.values() and values_list() CVE-2024-43788 — webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule CVE-2024-43796 — express: Improper Input Handling in Express Redirects CVE-2024-43799 — send: Code Execution Vulnerability in Send Library CVE-2024-43800 — serve-static: Improper Sanitization in serve-static CVE-2024-45296 — path-to-regexp: Backtracking regular expressions cause ReDoS CVE-2024-45590 — body-parser: Denial of Service Vulnerability in body-parser CVE-2024-46981 — redis: Redis' Lua library commands may lead to remote code execution CVE-2024-52798 — path-to-regexp: path-to-regexp Unpatched path-to-regexp ReDoS in 0.1.x CVE-2024-53907 — django: Potential denial-of-service in django.utils.html.strip_tags() CVE-2024-55565 — nanoid: nanoid mishandles non-integer values CVE-2024-56201 — jinja2: Jinja has a sandbox breakout through malicious filenames CVE-2024-56326 — jinja2: Jinja has a sandbox breakout through indirect reference to format method CVE-2024-56374 — django: potential denial-of-service vulnerability in IPv6 validation

🔗 References (4)