Red Hat Security Advisory: updated discovery container images
🔗 CVE IDs covered (25)
📋 Description
CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods
CVE-2023-44270 — PostCSS: Improper input validation in PostCSS
CVE-2024-6485 — bootstrap: Cross-Site Scripting via button plugin on bootstrap
CVE-2024-8775 — ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging
CVE-2024-21536 — http-proxy-middleware: Denial of Service
CVE-2024-21538 — cross-spawn: regular expression denial of service
CVE-2024-31228 — redis: Denial-of-service due to unbounded pattern matching in Redis
CVE-2024-31449 — redis: Lua library commands may lead to stack overflow and RCE in Redis
CVE-2024-39338 — axios: axios: Server-Side Request Forgery
CVE-2024-41989 — python-django: Memory exhaustion in django.utils.numberformat.floatformat()
CVE-2024-41991 — python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
CVE-2024-42005 — python-django: Potential SQL injection in QuerySet.values() and values_list()
CVE-2024-43788 — webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
CVE-2024-43796 — express: Improper Input Handling in Express Redirects
CVE-2024-43799 — send: Code Execution Vulnerability in Send Library
CVE-2024-43800 — serve-static: Improper Sanitization in serve-static
CVE-2024-45296 — path-to-regexp: Backtracking regular expressions cause ReDoS
CVE-2024-45590 — body-parser: Denial of Service Vulnerability in body-parser
CVE-2024-46981 — redis: Redis' Lua library commands may lead to remote code execution
CVE-2024-52798 — path-to-regexp: path-to-regexp Unpatched path-to-regexp ReDoS in 0.1.x
CVE-2024-53907 — django: Potential denial-of-service in django.utils.html.strip_tags()
CVE-2024-55565 — nanoid: nanoid mishandles non-integer values
CVE-2024-56201 — jinja2: Jinja has a sandbox breakout through malicious filenames
CVE-2024-56326 — jinja2: Jinja has a sandbox breakout through indirect reference to format method
CVE-2024-56374 — django: potential denial-of-service vulnerability in IPv6 validation