rhsa-2024_1536
Vulnerability from csaf_redhat
Published
2024-03-27 13:22
Modified
2024-12-06 11:13
Summary
Red Hat Security Advisory: Satellite 6.14.3 Async Security Update
Notes
Topic
An update is now available for Red Hat Satellite 6.14 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact
of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: http request smuggling (CVE-2024-23829)
* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
Bug Fix(es):
2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.
2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content
2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint "rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq"
2266140 - wrong links to provisioning guide in CR help
2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors
2266144 - Promoting a composite content view to environment with registry name as "<%= lifecycle_environment.label %>/<%= repository.name %>" on Red Hat Satellite 6 fails with "'undefined method '#label' for NilClass::Jail (NilClass)'"
2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate
2266146 - katello:reimport fails with "TypeError: no implicit conversion of String into Integer" when there are product contents to move
2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_available_module_streams_name_stream_context"
2266148 - Adding a CV to a CCV lists CV versions disorderly
2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step
2266413 - [RFE] "Add content view" window and "Update version" window should display content view version, description and publishing date
2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.
2266141 - wrong link to scap content documentation
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Satellite 6.14 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\nSecurity Fix(es):\n\n* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)\n* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)\n* python-aiohttp: http request smuggling (CVE-2024-23829)\n* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)\n* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)\n* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)\n* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)\n\nBug Fix(es):\n2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.\n2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content\n2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint \"rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq\"\n2266140 - wrong links to provisioning guide in CR help\n2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors\n2266144 - Promoting a composite content view to environment with registry name as \"\u003c%= lifecycle_environment.label %\u003e/\u003c%= repository.name %\u003e\" on Red Hat Satellite 6 fails with \"\u0027undefined method \u0027#label\u0027 for NilClass::Jail (NilClass)\u0027\"\n2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate\n2266146 - katello:reimport fails with \"TypeError: no implicit conversion of String into Integer\" when there are product contents to move\n2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint \"katello_available_module_streams_name_stream_context\"\n2266148 - Adding a CV to a CCV lists CV versions disorderly\n2266149 - \u0027Remove orphans\u0027 task fails on DeleteOrphanAlternateContentSources step\n2266413 - [RFE] \"Add content view\" window and \"Update version\" window should display content view version, description and publishing date \n2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.\n2266141 - wrong link to scap content documentation \nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1536",
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2234387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"category": "external",
"summary": "2241046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046"
},
{
"category": "external",
"summary": "2249825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249825"
},
{
"category": "external",
"summary": "2252235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252235"
},
{
"category": "external",
"summary": "2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "2261887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261887"
},
{
"category": "external",
"summary": "2261909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261909"
},
{
"category": "external",
"summary": "2266107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266107"
},
{
"category": "external",
"summary": "2266110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266110"
},
{
"category": "external",
"summary": "2266113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266113"
},
{
"category": "external",
"summary": "2266139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266139"
},
{
"category": "external",
"summary": "2266140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266140"
},
{
"category": "external",
"summary": "2266141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266141"
},
{
"category": "external",
"summary": "2266142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266142"
},
{
"category": "external",
"summary": "2266144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266144"
},
{
"category": "external",
"summary": "2266145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266145"
},
{
"category": "external",
"summary": "2266146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266146"
},
{
"category": "external",
"summary": "2266147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266147"
},
{
"category": "external",
"summary": "2266148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266148"
},
{
"category": "external",
"summary": "2266149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266149"
},
{
"category": "external",
"summary": "2266413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266413"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1536.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.3 Async Security Update",
"tracking": {
"current_release_date": "2024-12-06T11:13:21+00:00",
"generator": {
"date": "2024-12-06T11:13:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2024:1536",
"initial_release_date": "2024-03-27T13:22:31+00:00",
"revision_history": [
{
"date": "2024-03-27T13:22:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-27T13:22:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T11:13:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:4.3.12-1.el8sat.src",
"product": {
"name": "candlepin-0:4.3.12-1.el8sat.src",
"product_id": "candlepin-0:4.3.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.12-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product_id": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-aiohttp@3.9.2-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product_id": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ansible-builder@1.2.0-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product_id": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-async-timeout@4.0.3-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.22-1.el8pc.src",
"product": {
"name": "python-django-0:3.2.22-1.el8pc.src",
"product_id": "python-django-0:3.2.22-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.22-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product_id": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flake8@5.0.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product_id": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-galaxy-importer@0.4.18-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product_id": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jinja2@3.1.3-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product_id": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-mccabe@0.7.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product_id": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.22.22-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product_id": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-rpm@3.19.12-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product_id": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pycodestyle@2.9.1-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product_id": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyflakes@2.5.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product_id": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@12.0.0.8-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product_id": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_virt_who_configure@0.5.19-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product_id": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-hammer_cli_katello@1.9.1.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product_id": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.23-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.3-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.3-1.el8sat.src",
"product_id": "satellite-0:6.14.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:0.0.0.1-1.src",
"product": {
"name": "satellite-lifecycle-0:0.0.0.1-1.src",
"product_id": "satellite-lifecycle-0:0.0.0.1-1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@0.0.0.1-1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:4.3.12-1.el8sat.noarch",
"product": {
"name": "candlepin-0:4.3.12-1.el8sat.noarch",
"product_id": "candlepin-0:4.3.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product": {
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product_id": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@4.3.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product_id": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-ansible-builder@1.2.0-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product_id": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-async-timeout@4.0.3-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.22-1.el8pc.noarch",
"product": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch",
"product_id": "python39-django-0:3.2.22-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.22-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product_id": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-flake8@5.0.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product_id": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-galaxy-importer@0.4.18-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product_id": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-jinja2@3.1.3-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product_id": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-mccabe@0.7.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.22.22-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product_id": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-rpm@3.19.12-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product_id": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pycodestyle@2.9.1-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product_id": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pyflakes@2.5.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product_id": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@12.0.0.8-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product_id": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_virt_who_configure@0.5.19-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product_id": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-hammer_cli_katello@1.9.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product": {
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product_id": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@0.0.0.1-1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-aiohttp@3.9.2-0.1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-aiohttp-debugsource@3.9.2-0.1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-aiohttp-debuginfo@3.9.2-0.1.el8pc?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src"
},
"product_reference": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src"
},
"product_reference": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src"
},
"product_reference": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.22-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.22-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src"
},
"product_reference": "python-flake8-0:5.0.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src"
},
"product_reference": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src"
},
"product_reference": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.22-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src"
},
"product_reference": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src"
},
"product_reference": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch"
},
"product_reference": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch"
},
"product_reference": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.22-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch"
},
"product_reference": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
},
"product_reference": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
},
"product_reference": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch"
},
"product_reference": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch"
},
"product_reference": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch"
},
"product_reference": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch"
},
"product_reference": "candlepin-0:4.3.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.12-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src"
},
"product_reference": "candlepin-0:4.3.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch"
},
"product_reference": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src"
},
"product_reference": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src"
},
"product_reference": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src"
},
"product_reference": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.22-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.22-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src"
},
"product_reference": "python-flake8-0:5.0.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src"
},
"product_reference": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src"
},
"product_reference": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.22-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src"
},
"product_reference": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src"
},
"product_reference": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch"
},
"product_reference": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch"
},
"product_reference": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.22-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch"
},
"product_reference": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
},
"product_reference": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
},
"product_reference": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch"
},
"product_reference": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch"
},
"product_reference": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch"
},
"product_reference": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src"
},
"product_reference": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src"
},
"product_reference": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch"
},
"product_reference": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:0.0.0.1-1.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
},
"product_reference": "satellite-lifecycle-0:0.0.0.1-1.src",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5189",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2023-08-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2234387"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Hub: insecure galaxy-importer tarfile extraction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"category": "external",
"summary": "RHBZ#2234387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5189"
}
],
"release_date": "2023-09-26T05:28:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Hub: insecure galaxy-importer tarfile extraction"
},
{
"cve": "CVE-2023-43665",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-09-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241046"
}
],
"notes": [
{
"category": "description",
"text": "An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Denial-of-service possibility in django.utils.text.Truncator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43665"
},
{
"category": "external",
"summary": "RHBZ#2241046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"
}
],
"release_date": "2023-10-04T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Denial-of-service possibility in django.utils.text.Truncator"
},
{
"cve": "CVE-2023-47627",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-11-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249825"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-aiohttp: numerous issues in HTTP parser with header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47627"
},
{
"category": "external",
"summary": "RHBZ#2249825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-aiohttp: numerous issues in HTTP parser with header parsing"
},
{
"cve": "CVE-2023-49081",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252235"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: HTTP request modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49081"
},
{
"category": "external",
"summary": "RHBZ#2252235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49081"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2"
}
],
"release_date": "2023-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "aiohttp: HTTP request modification"
},
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2257854"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "RHBZ#2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
}
],
"release_date": "2024-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter"
},
{
"cve": "CVE-2024-23334",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-01-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2261887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option \u0027follow_symlinks\u0027 can be used to determine whether to follow symbolic links outside the static root directory. When \u0027follow_symlinks\u0027 is set to True, there is no validation to check if a given file path is within the root directory. This issue can lead to a directory traversal vulnerability, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: follow_symlinks directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having a moderate impact. There is a non-default precondition which is required to exploit it: the follow_symlinks setting needs to be enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23334"
},
{
"category": "external",
"summary": "RHBZ#2261887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23334",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23334"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f"
}
],
"release_date": "2024-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "workaround",
"details": "If using follow_symlinks=True outside of a restricted local development environment, disable the option immediately. This option is NOT needed to follow symlinks that point to a location within the static root directory; it is only intended to allow a symlink to break out of the static directory. Even with this CVE fixed, there is still a substantial risk of misconfiguration when using this option on a server that accepts requests from remote users.\n\nAdditionally, aiohttp has always recommended using a reverse proxy server (such as nginx) to handle static resources and not to use these static resources in aiohttp for production environments. Doing so also protects against this vulnerability, and is why we expect the number of affected users to be very low.",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "aiohttp: follow_symlinks directory traversal vulnerability"
},
{
"cve": "CVE-2024-23829",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2024-01-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2261909"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of additional requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-aiohttp: http request smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23829"
},
{
"category": "external",
"summary": "RHBZ#2261909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
}
],
"release_date": "2024-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-aiohttp: http request smuggling"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.