Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-23931 (GCVE-0-2023-23931)
Vulnerability from cvelistv5 – Published: 2023-02-07 20:54 – Updated: 2025-11-03 21:47
VLAI
EPSS
Title
Cipher.update_into can corrupt memory in pyca cryptography
Summary
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
Severity
4.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pyca | cryptography |
Affected:
>=1.8, < 39.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:19.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230324-0007/"
},
{
"name": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
},
{
"name": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:11.762140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:15:21.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptography",
"vendor": "pyca",
"versions": [
{
"status": "affected",
"version": "\u003e=1.8, \u003c 39.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T20:54:03.628Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
},
{
"name": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3"
}
],
"source": {
"advisory": "GHSA-w7pp-m8wf-vj6r",
"discovery": "UNKNOWN"
},
"title": "Cipher.update_into can corrupt memory in pyca cryptography"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23931",
"datePublished": "2023-02-07T20:54:03.628Z",
"dateReserved": "2023-01-19T21:12:31.360Z",
"dateUpdated": "2025-11-03T21:47:19.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-23931",
"date": "2026-06-06",
"epss": "0.00688",
"percentile": "0.7217"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*\", \"versionStartIncluding\": \"1.8\", \"versionEndExcluding\": \"39.0.1\", \"matchCriteriaId\": \"D620CB15-986D-4955-BCE9-5CC459F01289\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.\"}]",
"id": "CVE-2023-23931",
"lastModified": "2024-11-21T07:47:07.570",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
"published": "2023-02-07T21:15:09.850",
"references": "[{\"url\": \"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230324-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-754\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-23931\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-02-07T21:15:09.850\",\"lastModified\":\"2025-11-03T22:16:05.153\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*\",\"versionStartIncluding\":\"1.8\",\"versionEndExcluding\":\"39.0.1\",\"matchCriteriaId\":\"D620CB15-986D-4955-BCE9-5CC459F01289\"}]}]}],\"references\":[{\"url\":\"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230324-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20230324-0007/\"}, {\"url\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\", \"name\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\", \"name\": \"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:47:19.856Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23931\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T21:01:11.762140Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T21:01:13.204Z\"}}], \"cna\": {\"title\": \"Cipher.update_into can corrupt memory in pyca cryptography\", \"source\": {\"advisory\": \"GHSA-w7pp-m8wf-vj6r\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"pyca\", \"product\": \"cryptography\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e=1.8, \u003c 39.0.1\"}]}], \"references\": [{\"url\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\", \"name\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\", \"name\": \"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754: Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-02-07T20:54:03.628Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-23931\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:47:19.856Z\", \"dateReserved\": \"2023-01-19T21:12:31.360Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-02-07T20:54:03.628Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2025:14739-1
Vulnerability from csaf_opensuse - Published: 2025-02-06 00:00 - Updated: 2025-02-06 00:00Summary
python311-cryptography-44.0.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-cryptography-44.0.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the python311-cryptography-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14739
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-cryptography-44.0.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-cryptography-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14739",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14739-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23931 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23931/"
}
],
"title": "python311-cryptography-44.0.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-06T00:00:00Z",
"generator": {
"date": "2025-02-06T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14739-1",
"initial_release_date": "2025-02-06T00:00:00Z",
"revision_history": [
{
"date": "2025-02-06T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.aarch64",
"product": {
"name": "python311-cryptography-44.0.0-1.1.aarch64",
"product_id": "python311-cryptography-44.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.aarch64",
"product": {
"name": "python312-cryptography-44.0.0-1.1.aarch64",
"product_id": "python312-cryptography-44.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.aarch64",
"product": {
"name": "python313-cryptography-44.0.0-1.1.aarch64",
"product_id": "python313-cryptography-44.0.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.ppc64le",
"product": {
"name": "python311-cryptography-44.0.0-1.1.ppc64le",
"product_id": "python311-cryptography-44.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.ppc64le",
"product": {
"name": "python312-cryptography-44.0.0-1.1.ppc64le",
"product_id": "python312-cryptography-44.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.ppc64le",
"product": {
"name": "python313-cryptography-44.0.0-1.1.ppc64le",
"product_id": "python313-cryptography-44.0.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.s390x",
"product": {
"name": "python311-cryptography-44.0.0-1.1.s390x",
"product_id": "python311-cryptography-44.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.s390x",
"product": {
"name": "python312-cryptography-44.0.0-1.1.s390x",
"product_id": "python312-cryptography-44.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.s390x",
"product": {
"name": "python313-cryptography-44.0.0-1.1.s390x",
"product_id": "python313-cryptography-44.0.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.x86_64",
"product": {
"name": "python311-cryptography-44.0.0-1.1.x86_64",
"product_id": "python311-cryptography-44.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.x86_64",
"product": {
"name": "python312-cryptography-44.0.0-1.1.x86_64",
"product_id": "python312-cryptography-44.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.x86_64",
"product": {
"name": "python313-cryptography-44.0.0-1.1.x86_64",
"product_id": "python313-cryptography-44.0.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64"
},
"product_reference": "python311-cryptography-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le"
},
"product_reference": "python311-cryptography-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x"
},
"product_reference": "python311-cryptography-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64"
},
"product_reference": "python311-cryptography-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64"
},
"product_reference": "python312-cryptography-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le"
},
"product_reference": "python312-cryptography-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x"
},
"product_reference": "python312-cryptography-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64"
},
"product_reference": "python312-cryptography-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64"
},
"product_reference": "python313-cryptography-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le"
},
"product_reference": "python313-cryptography-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x"
},
"product_reference": "python313-cryptography-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
},
"product_reference": "python313-cryptography-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
},
{
"cve": "CVE-2023-23931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23931"
}
],
"notes": [
{
"category": "general",
"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23931",
"url": "https://www.suse.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "SUSE Bug 1208036 for CVE-2023-23931",
"url": "https://bugzilla.suse.com/1208036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2023-23931"
}
]
}
PYSEC-2023-11
Vulnerability from pysec - Published: 2023-02-07 21:15 - Updated: 2023-05-04 03:49
VLAI
Details
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.
Impacted products
| Name | purl | cryptography | pkg:pypi/cryptography |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cryptography",
"purl": "pkg:pypi/cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "94a50a9731f35405f0357fa5f3b177d46a726ab3"
}
],
"repo": "https://github.com/pyca/cryptography",
"type": "GIT"
},
{
"events": [
{
"introduced": "1.8"
},
{
"fixed": "39.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8",
"1.8.1",
"1.8.2",
"1.9",
"2.0",
"2.0.1",
"2.0.2",
"2.0.3",
"2.1",
"2.1.1",
"2.1.2",
"2.1.3",
"2.1.4",
"2.2",
"2.2.1",
"2.2.2",
"2.3",
"2.3.1",
"2.4",
"2.4.1",
"2.4.2",
"2.5",
"2.6",
"2.6.1",
"2.7",
"2.8",
"2.9",
"2.9.1",
"2.9.2",
"3.0",
"3.1",
"3.1.1",
"3.2",
"3.2.1",
"3.3",
"3.3.1",
"3.3.2",
"3.4",
"3.4.1",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.4.6",
"3.4.7",
"3.4.8",
"35.0.0",
"36.0.0",
"36.0.1",
"36.0.2",
"37.0.0",
"37.0.1",
"37.0.2",
"37.0.3",
"37.0.4",
"38.0.0",
"38.0.1",
"38.0.2",
"38.0.3",
"38.0.4",
"39.0.0"
]
}
],
"aliases": [
"CVE-2023-23931",
"GHSA-w7pp-m8wf-vj6r"
],
"details": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.",
"id": "PYSEC-2023-11",
"modified": "2023-05-04T03:49:45.221186Z",
"published": "2023-02-07T21:15:00Z",
"references": [
{
"type": "EVIDENCE",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
},
{
"type": "ADVISORY",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
},
{
"type": "FIX",
"url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3"
}
]
}
RHSA-2023:4693
Vulnerability from csaf_redhat - Published: 2023-08-21 21:53 - Updated: 2026-06-02 14:54Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.4
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* automation-eda-controller: token exposed at importing project (CVE-2023-4380)
* python3-cryptography/python39-cryptography: memory corruption via immutable objects (CVE-2023-23931)
* python3-django/python39-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)
* python3-requests/python39-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes for Event-Driven Ansible:
* automation-eda-controller has been updated to 1.0.1
* Contributor and editor roles now have permissions to access users and set the AWX token. (AAP-11573)
* The onboarding wizard now requests controller token creation. (AAP-11907)
* Corrected the filtering capability of the Rule Audit screens so that a search yields results with the “starts with” function. (AAP-11987)
* Enabling or disabling rulebook activation no longer increases the restarts counter by 1. (AAP-12042)
* Filtering by a text string now displays all applicable items in the UI, including those that are not visible in the list at that time. (AAP-12446)
* Audit records are no longer missing when running activations with multiple jobs. (AAP-12522)
* The event payload is no longer missing key attributes when a job template fails. (AAP-12529)
* Fixed the Git token leak that occurs when importing a project fails. (AAP-12767)
* The restart policy in Kubernetes (k8s) now restarts successful activation that is incorrectly marked as failed. (AAP-12862)
* Activation statuses are now reported correctly, whether you are disabling or enabling them. (AAP-12896)
* When run_job_template action fails now, ansible-rulebook prints an error log in the activation output and creates an entry in rule audit so that the user is alerted that the rule has failed. (AAP-12909)
* When a user tries to bulk delete rulebook activations from the list, the request now completes successfully and consistently. (AAP-13093)
* The Rulebook Activation link now functions correctly in the Rule Audit Detail UI. (AAP-13182)
* Fixed a bug where ansible-rulebook prevented the execution, if the connection with the controller was not successful when controller was not required by the rulebook. (AAP-13209)
* Fixed a bug where some audit rule records had the wrong rulebook link. (AAP-13844)
* Fixed a bug where only the first 10 audit rules had the right link. (AAP-13845)
* Previously project credentials could not be updated if there was a change to the credential used in the project. Now credentials can be updated in a project with a new or different credential. (AAP-13983)
* The User Access section of the navigation panel no longer disappears after creating a decision environment. (AAP-14273)
* Fixed a bug where filtering for audit rules didn't work properly on OpenShift Container Platform. (AAP-14512)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
6.3 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — |
Vendor Fix
fix
|
Known not affected
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Threats
Impact
Moderate
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Threats
Impact
Moderate
A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).
6.1 (Medium)
Affected products
Fixed
2 products
Known not affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Workaround
|
Threats
Impact
Moderate
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — |
Vendor Fix
fix
|
Known not affected
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Threats
Impact
Moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.4\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n* automation-eda-controller: token exposed at importing project (CVE-2023-4380)\n* python3-cryptography/python39-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n* python3-django/python39-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)\n* python3-requests/python39-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional changes for Event-Driven Ansible:\n* automation-eda-controller has been updated to 1.0.1\n* Contributor and editor roles now have permissions to access users and set the AWX token. (AAP-11573)\n* The onboarding wizard now requests controller token creation. (AAP-11907)\n* Corrected the filtering capability of the Rule Audit screens so that a search yields results with the \u201cstarts with\u201d function. (AAP-11987)\n* Enabling or disabling rulebook activation no longer increases the restarts counter by 1. (AAP-12042)\n* Filtering by a text string now displays all applicable items in the UI, including those that are not visible in the list at that time. (AAP-12446)\n* Audit records are no longer missing when running activations with multiple jobs. (AAP-12522)\n* The event payload is no longer missing key attributes when a job template fails. (AAP-12529)\n* Fixed the Git token leak that occurs when importing a project fails. (AAP-12767)\n* The restart policy in Kubernetes (k8s) now restarts successful activation that is incorrectly marked as failed. (AAP-12862)\n* Activation statuses are now reported correctly, whether you are disabling or enabling them. (AAP-12896)\n* When run_job_template action fails now, ansible-rulebook prints an error log in the activation output and creates an entry in rule audit so that the user is alerted that the rule has failed. (AAP-12909)\n* When a user tries to bulk delete rulebook activations from the list, the request now completes successfully and consistently. (AAP-13093)\n* The Rulebook Activation link now functions correctly in the Rule Audit Detail UI. (AAP-13182)\n* Fixed a bug where ansible-rulebook prevented the execution, if the connection with the controller was not successful when controller was not required by the rulebook. (AAP-13209)\n* Fixed a bug where some audit rule records had the wrong rulebook link. (AAP-13844)\n* Fixed a bug where only the first 10 audit rules had the right link. (AAP-13845)\n* Previously project credentials could not be updated if there was a change to the credential used in the project. Now credentials can be updated in a project with a new or different credential. (AAP-13983)\n* The User Access section of the navigation panel no longer disappears after creating a decision environment. (AAP-14273)\n* Fixed a bug where filtering for audit rules didn\u0027t work properly on OpenShift Container Platform. (AAP-14512)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4693",
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2209469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469"
},
{
"category": "external",
"summary": "2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "2232324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4693.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update",
"tracking": {
"current_release_date": "2026-06-02T14:54:14+00:00",
"generator": {
"date": "2026-06-02T14:54:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:4693",
"initial_release_date": "2023-08-21T21:53:41+00:00",
"revision_history": [
{
"date": "2023-08-21T21:53:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-08-29T18:14:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T14:54:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-requests-0:2.31.0-1.el8ap.noarch",
"product": {
"name": "python39-requests-0:2.31.0-1.el8ap.noarch",
"product_id": "python39-requests-0:2.31.0-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-requests@2.31.0-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.20-1.el8ap.noarch",
"product": {
"name": "python39-django-0:3.2.20-1.el8ap.noarch",
"product_id": "python39-django-0:3.2.20-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.20-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"product": {
"name": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"product_id": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-rsa@4.7.2-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"product_id": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"product": {
"name": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"product_id": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-server@1.0.1-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"product": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"product_id": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-ui@1.0.1-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-requests-0:2.31.0-1.el9ap.noarch",
"product": {
"name": "python3-requests-0:2.31.0-1.el9ap.noarch",
"product_id": "python3-requests-0:2.31.0-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-requests@2.31.0-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-django-0:3.2.20-1.el9ap.noarch",
"product": {
"name": "python3-django-0:3.2.20-1.el9ap.noarch",
"product_id": "python3-django-0:3.2.20-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@3.2.20-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"product": {
"name": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"product_id": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-rsa@4.7.2-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"product_id": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"product_id": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-server@1.0.1-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"product_id": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-ui@1.0.1-1.el9ap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3x-requests-0:2.31.0-1.el8ap.src",
"product": {
"name": "python3x-requests-0:2.31.0-1.el8ap.src",
"product_id": "python3x-requests-0:2.31.0-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-requests@2.31.0-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-django-0:3.2.20-1.el8ap.src",
"product": {
"name": "python3x-django-0:3.2.20-1.el8ap.src",
"product_id": "python3x-django-0:3.2.20-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-django@3.2.20-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-rsa-0:4.7.2-1.el8ap.src",
"product": {
"name": "python3x-rsa-0:4.7.2-1.el8ap.src",
"product_id": "python3x-rsa-0:4.7.2-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-rsa@4.7.2-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"product": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"product_id": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography@38.0.4-2.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"product_id": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-requests-0:2.31.0-1.el9ap.src",
"product": {
"name": "python-requests-0:2.31.0-1.el9ap.src",
"product_id": "python-requests-0:2.31.0-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-requests@2.31.0-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.20-1.el9ap.src",
"product": {
"name": "python-django-0:3.2.20-1.el9ap.src",
"product_id": "python-django-0:3.2.20-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.20-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-rsa-0:4.7.2-1.el9ap.src",
"product": {
"name": "python-rsa-0:4.7.2-1.el9ap.src",
"product_id": "python-rsa-0:4.7.2-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-rsa@4.7.2-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-0:38.0.4-2.el9ap.src",
"product": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src",
"product_id": "python-cryptography-0:38.0.4-2.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@38.0.4-2.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"product_id": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el9ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src"
},
"product_reference": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src"
},
"product_reference": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch"
},
"product_reference": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch"
},
"product_reference": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.20-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch"
},
"product_reference": "python39-django-0:3.2.20-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-requests-0:2.31.0-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch"
},
"product_reference": "python39-requests-0:2.31.0-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-rsa-0:4.7.2-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch"
},
"product_reference": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src"
},
"product_reference": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-django-0:3.2.20-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src"
},
"product_reference": "python3x-django-0:3.2.20-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-requests-0:2.31.0-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
},
"product_reference": "python3x-requests-0:2.31.0-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-rsa-0:4.7.2-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src"
},
"product_reference": "python3x-rsa-0:4.7.2-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src"
},
"product_reference": "python-cryptography-0:38.0.4-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src"
},
"product_reference": "python-cryptography-0:38.0.4-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src"
},
"product_reference": "python-cryptography-0:38.0.4-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.20-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src"
},
"product_reference": "python-django-0:3.2.20-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-0:2.31.0-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src"
},
"product_reference": "python-requests-0:2.31.0-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-rsa-0:4.7.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src"
},
"product_reference": "python-rsa-0:4.7.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:3.2.20-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
},
"product_reference": "python3-django-0:3.2.20-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-0:2.31.0-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch"
},
"product_reference": "python3-requests-0:2.31.0-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rsa-0:4.7.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
},
"product_reference": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4380",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232324"
}
],
"notes": [
{
"category": "description",
"text": "A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "platform: token exposed at importing project",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4380"
},
{
"category": "external",
"summary": "RHBZ#2232324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4380"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4380",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4380"
}
],
"release_date": "2023-08-16T10:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "platform: token exposed at importing project"
},
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
},
{
"cve": "CVE-2023-32681",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209469"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Unintended leak of Proxy-Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32681"
},
{
"category": "external",
"summary": "RHBZ#2209469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q",
"url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q"
}
],
"release_date": "2023-05-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"category": "workaround",
"details": "For users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting allow_redirects to False on all calls through Requests top-level APIs. Note that if you are currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n\nimport requests\nr = requests.get(\u0027http://github.com/\u0027, allow_redirects=False)",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-requests: Unintended leak of Proxy-Authorization header"
},
{
"cve": "CVE-2023-36053",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2218004"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36053"
},
{
"category": "external",
"summary": "RHBZ#2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"
}
],
"release_date": "2023-07-03T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator"
}
]
}
RHSA-2023:4971
Vulnerability from csaf_redhat - Published: 2023-09-05 11:53 - Updated: 2026-06-02 14:54Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.4
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* automation-controller: cryptography: memory corruption via immutable objects (CVE-2023-23931)
* automation-controller: GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)
* python3-gitpython/python39-gitpython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes:
* ansible-core has been updated to 2.15.3 (AAP-15269)
* automation-controller has been updated to 4.4.3 (AAP-15549)
* python3-gitpython/python39-gitpython has been updated to 3.1.21 (AAP-15485)
* automation controller: Fix bug that can cause a deadlock on shutdown when redis is unavailable. (AAP-14203)
* automation controller: The login form no longer supports autocomplete on the password field due to security concerns. (AAP-15545)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64 | — |
Vendor Fix
fix
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch | — |
Threats
Impact
Moderate
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.
9.8 (Critical)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch | — |
Threats
Impact
Low
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.4\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n* automation-controller: cryptography: memory corruption via immutable objects (CVE-2023-23931)\n* automation-controller: GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)\n* python3-gitpython/python39-gitpython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional changes:\n* ansible-core has been updated to 2.15.3 (AAP-15269)\n* automation-controller has been updated to 4.4.3 (AAP-15549)\n* python3-gitpython/python39-gitpython has been updated to 3.1.21 (AAP-15485)\n* automation controller: Fix bug that can cause a deadlock on shutdown when redis is unavailable. (AAP-14203)\n* automation controller: The login form no longer supports autocomplete on the password field due to security concerns. (AAP-15545)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4971",
"url": "https://access.redhat.com/errata/RHSA-2023:4971"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4971.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update",
"tracking": {
"current_release_date": "2026-06-02T14:54:17+00:00",
"generator": {
"date": "2026-06-02T14:54:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:4971",
"initial_release_date": "2023-09-05T11:53:51+00:00",
"revision_history": [
{
"date": "2023-09-05T11:53:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-05T11:53:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T14:54:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el9ap.src",
"product": {
"name": "ansible-core-0:2.15.3-1.el9ap.src",
"product_id": "ansible-core-0:2.15.3-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-gitpython-0:3.1.32-1.el9ap.src",
"product": {
"name": "python-gitpython-0:3.1.32-1.el9ap.src",
"product_id": "python-gitpython-0:3.1.32-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gitpython@3.1.32-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.src",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.src",
"product_id": "automation-controller-0:4.4.3-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el8ap.src",
"product": {
"name": "ansible-core-0:2.15.3-1.el8ap.src",
"product_id": "ansible-core-0:2.15.3-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"product": {
"name": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"product_id": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-gitpython@3.1.32-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.src",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.src",
"product_id": "automation-controller-0:4.4.3-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el9ap.noarch",
"product": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch",
"product_id": "ansible-core-0:2.15.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-test-0:2.15.3-1.el9ap.noarch",
"product": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch",
"product_id": "ansible-test-0:2.15.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-test@2.15.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"product": {
"name": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"product_id": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-gitpython@3.1.32-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"product": {
"name": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"product_id": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-cli@4.4.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"product": {
"name": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"product_id": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-server@4.4.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"product": {
"name": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"product_id": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-ui@4.4.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el8ap.noarch",
"product": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch",
"product_id": "ansible-core-0:2.15.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-test-0:2.15.3-1.el8ap.noarch",
"product": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch",
"product_id": "ansible-test-0:2.15.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-test@2.15.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"product": {
"name": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"product_id": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-gitpython@3.1.32-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"product": {
"name": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"product_id": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-cli@4.4.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"product": {
"name": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"product_id": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-server@4.4.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"product": {
"name": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"product_id": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-ui@4.4.3-1.el8ap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"product_id": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"product_id": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"product_id": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"product_id": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.s390x",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.s390x",
"product_id": "automation-controller-0:4.4.3-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.s390x",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.s390x",
"product_id": "automation-controller-0:4.4.3-1.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"product_id": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"product_id": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.4.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch"
},
"product_reference": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.4.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch"
},
"product_reference": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.4.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch"
},
"product_reference": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.32-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch"
},
"product_reference": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-gitpython-0:3.1.32-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src"
},
"product_reference": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.4.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch"
},
"product_reference": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.4.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch"
},
"product_reference": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.4.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch"
},
"product_reference": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.32-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src"
},
"product_reference": "python-gitpython-0:3.1.32-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-gitpython-0:3.1.32-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
},
"product_reference": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T11:53:51+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4971"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
},
{
"cve": "CVE-2023-40267",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-08-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2231474"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: Insecure non-multi options in clone and clone_from is not blocked",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used. \n\nRed Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40267"
},
{
"category": "external",
"summary": "RHBZ#2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj",
"url": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj"
}
],
"release_date": "2023-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T11:53:51+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4971"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "GitPython: Insecure non-multi options in clone and clone_from is not blocked"
}
]
}
RHSA-2023:6615
Vulnerability from csaf_redhat - Published: 2023-11-07 08:47 - Updated: 2026-06-02 14:48Summary
Red Hat Security Advisory: python-cryptography security update
Severity
Moderate
Notes
Topic: An update for python-cryptography is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
Security Fix(es):
* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-9.3.0.GA:python-cryptography-0:36.0.1-4.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-cryptography is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-cryptography packages contain a Python Cryptographic Authority\u0027s (PyCA\u0027s) cryptography library, which provides cryptographic primitives and recipes to Python developers.\n\nSecurity Fix(es):\n\n* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6615",
"url": "https://access.redhat.com/errata/RHSA-2023:6615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2172399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172399"
},
{
"category": "external",
"summary": "2203840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203840"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6615.json"
}
],
"title": "Red Hat Security Advisory: python-cryptography security update",
"tracking": {
"current_release_date": "2026-06-02T14:48:08+00:00",
"generator": {
"date": "2026-06-02T14:48:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6615",
"initial_release_date": "2023-11-07T08:47:31+00:00",
"revision_history": [
{
"date": "2023-11-07T08:47:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:47:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T14:48:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-0:36.0.1-4.el9.src",
"product": {
"name": "python-cryptography-0:36.0.1-4.el9.src",
"product_id": "python-cryptography-0:36.0.1-4.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@36.0.1-4.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:36.0.1-4.el9.aarch64",
"product": {
"name": "python3-cryptography-0:36.0.1-4.el9.aarch64",
"product_id": "python3-cryptography-0:36.0.1-4.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@36.0.1-4.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"product": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"product_id": "python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@36.0.1-4.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"product": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"product_id": "python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@36.0.1-4.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:36.0.1-4.el9.ppc64le",
"product": {
"name": "python3-cryptography-0:36.0.1-4.el9.ppc64le",
"product_id": "python3-cryptography-0:36.0.1-4.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@36.0.1-4.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"product": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"product_id": "python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@36.0.1-4.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"product": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"product_id": "python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@36.0.1-4.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:36.0.1-4.el9.x86_64",
"product": {
"name": "python3-cryptography-0:36.0.1-4.el9.x86_64",
"product_id": "python3-cryptography-0:36.0.1-4.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@36.0.1-4.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"product": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"product_id": "python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@36.0.1-4.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64",
"product": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64",
"product_id": "python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@36.0.1-4.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:36.0.1-4.el9.s390x",
"product": {
"name": "python3-cryptography-0:36.0.1-4.el9.s390x",
"product_id": "python3-cryptography-0:36.0.1-4.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@36.0.1-4.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"product": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"product_id": "python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@36.0.1-4.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"product": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"product_id": "python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@36.0.1-4.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:36.0.1-4.el9.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python-cryptography-0:36.0.1-4.el9.src"
},
"product_reference": "python-cryptography-0:36.0.1-4.el9.src",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.s390x"
},
"product_reference": "python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:36.0.1-4.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:36.0.1-4.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.aarch64"
},
"product_reference": "python3-cryptography-0:36.0.1-4.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:36.0.1-4.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.ppc64le"
},
"product_reference": "python3-cryptography-0:36.0.1-4.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:36.0.1-4.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.s390x"
},
"product_reference": "python3-cryptography-0:36.0.1-4.el9.s390x",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:36.0.1-4.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.x86_64"
},
"product_reference": "python3-cryptography-0:36.0.1-4.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.3.0.GA:python-cryptography-0:36.0.1-4.el9.src",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.x86_64",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:47:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.3.0.GA:python-cryptography-0:36.0.1-4.el9.src",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.x86_64",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6615"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"BaseOS-9.3.0.GA:python-cryptography-0:36.0.1-4.el9.src",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python-cryptography-debugsource-0:36.0.1-4.el9.x86_64",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python3-cryptography-0:36.0.1-4.el9.x86_64",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.aarch64",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.ppc64le",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.s390x",
"BaseOS-9.3.0.GA:python3-cryptography-debuginfo-0:36.0.1-4.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
}
]
}
RHSA-2023:6793
Vulnerability from csaf_redhat - Published: 2023-11-08 08:20 - Updated: 2026-06-02 14:54Summary
Red Hat Security Advisory: rh-python38-python security update
Severity
Important
Notes
Topic: An update for rh-python38-python is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: rh-python38-python (3.8.18), rh-python38-python-cryptography (2.8), rh-python38-python-pip (19.3.1), rh-python38-python-requests (2.22.0), rh-python38-python-setuptools (41.6.0), rh-python38-python-wheel (0.33.6).
Security Fix(es):
* python: urllib.parse url blocklisting bypass (CVE-2023-24329)
* python: TLS handshake bypass (CVE-2023-40217)
* python: tarfile module directory traversal (CVE-2007-4559)
* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)
* python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli (CVE-2022-40898)
* python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)
* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
* python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files.
5.5 (Medium)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.
5.9 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Threats
Impact
Moderate
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Threats
Impact
Moderate
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Threats
Impact
Moderate
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — |
Vendor Fix
fix
|
Known not affected
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Threats
Impact
Moderate
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Threats
Impact
Important
A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).
6.1 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
86 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Workaround
|
Threats
Impact
Moderate
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.
8.6 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src | — | ||
| Unresolved product id: 7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch | — |
Threats
Impact
Important
References
53 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-python38-python is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nThe following packages have been upgraded to a later upstream version: rh-python38-python (3.8.18), rh-python38-python-cryptography (2.8), rh-python38-python-pip (19.3.1), rh-python38-python-requests (2.22.0), rh-python38-python-setuptools (41.6.0), rh-python38-python-wheel (0.33.6).\n\nSecurity Fix(es):\n\n* python: urllib.parse url blocklisting bypass (CVE-2023-24329)\n\n* python: TLS handshake bypass (CVE-2023-40217)\n\n* python: tarfile module directory traversal (CVE-2007-4559)\n\n* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)\n\n* python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli (CVE-2022-40898)\n\n* python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)\n\n* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n\n* python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6793",
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
},
{
"category": "external",
"summary": "2173917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173917"
},
{
"category": "external",
"summary": "2209469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469"
},
{
"category": "external",
"summary": "2235789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235789"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "263261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261"
},
{
"category": "external",
"summary": "2144072",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144072"
},
{
"category": "external",
"summary": "2158559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158559"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2165864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165864"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6793.json"
}
],
"title": "Red Hat Security Advisory: rh-python38-python security update",
"tracking": {
"current_release_date": "2026-06-02T14:54:19+00:00",
"generator": {
"date": "2026-06-02T14:54:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6793",
"initial_release_date": "2023-11-08T08:20:36+00:00",
"revision_history": [
{
"date": "2023-11-08T08:20:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-08T08:20:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T14:54:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"product": {
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"product_id": "rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-setuptools@41.6.0-8.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-requests-0:2.22.0-11.el7.src",
"product": {
"name": "rh-python38-python-requests-0:2.22.0-11.el7.src",
"product_id": "rh-python38-python-requests-0:2.22.0-11.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-requests@2.22.0-11.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.src",
"product": {
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.src",
"product_id": "rh-python38-python-wheel-0:0.33.6-9.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-wheel@0.33.6-9.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-pip-0:19.3.1-4.el7.src",
"product": {
"name": "rh-python38-python-pip-0:19.3.1-4.el7.src",
"product_id": "rh-python38-python-pip-0:19.3.1-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-pip@19.3.1-4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-cryptography-0:2.8-6.el7.src",
"product": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.src",
"product_id": "rh-python38-python-cryptography-0:2.8-6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-0:3.8.18-2.el7.src",
"product": {
"name": "rh-python38-python-0:3.8.18-2.el7.src",
"product_id": "rh-python38-python-0:3.8.18-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"product": {
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"product_id": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-setuptools@41.6.0-8.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"product": {
"name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"product_id": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-setuptools-wheel@41.6.0-8.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"product": {
"name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"product_id": "rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-requests@2.22.0-11.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"product": {
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"product_id": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-wheel@0.33.6-9.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"product": {
"name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"product_id": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-wheel-wheel@0.33.6-9.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"product": {
"name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"product_id": "rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-pip@19.3.1-4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"product": {
"name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"product_id": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-pip-wheel@19.3.1-4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"product": {
"name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"product_id": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-rpm-macros@3.8.18-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"product": {
"name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"product_id": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-srpm-macros@3.8.18-2.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"product": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"product_id": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"product": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"product_id": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography-debuginfo@2.8-6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-debug@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-devel@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-idle@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-libs@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-test@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-tkinter@3.8.18-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"product": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"product_id": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-debuginfo@3.8.18-2.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"product": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"product_id": "rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"product": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"product_id": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography-debuginfo@2.8-6.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-debug@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-devel@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-idle@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-libs@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-test-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-test-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-test@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-tkinter@3.8.18-2.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"product": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"product_id": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-debuginfo@3.8.18-2.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"product": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"product_id": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"product": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"product_id": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-cryptography-debuginfo@2.8-6.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-debug@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-devel@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-idle@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-libs@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-test@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-tkinter@3.8.18-2.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"product": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"product_id": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-python38-python-debuginfo@3.8.18-2.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le"
},
"product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x"
},
"product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64"
},
"product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch"
},
"product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-pip-0:19.3.1-4.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src"
},
"product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch"
},
"product_reference": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch"
},
"product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-requests-0:2.22.0-11.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src"
},
"product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch"
},
"product_reference": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch"
},
"product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src"
},
"product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch"
},
"product_reference": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch"
},
"product_reference": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-test-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch"
},
"product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src"
},
"product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
},
"product_reference": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64"
},
"product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le"
},
"product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x"
},
"product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64"
},
"product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch"
},
"product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-pip-0:19.3.1-4.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src"
},
"product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch"
},
"product_reference": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch"
},
"product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-requests-0:2.22.0-11.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src"
},
"product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch"
},
"product_reference": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch"
},
"product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src"
},
"product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch"
},
"product_reference": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch"
},
"product_reference": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-test-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le"
},
"product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x"
},
"product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
},
"product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch"
},
"product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-wheel-0:0.33.6-9.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src"
},
"product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
},
"product_reference": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-4559",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2007-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "263261"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: tarfile module directory traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security has rated this issue as having a Moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification.\n\nVersions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4559"
},
{
"category": "external",
"summary": "RHBZ#263261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559"
}
],
"release_date": "2007-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
},
{
"category": "workaround",
"details": "Do not extract archives from untrusted sources with the Python tarfile module. Users of the module should add sanity checks when calling the tarfile.extract or tarfile.extractall functions.",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: tarfile module directory traversal"
},
{
"cve": "CVE-2022-40897",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2158559"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40897"
},
{
"category": "external",
"summary": "RHBZ#2158559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897"
},
{
"category": "external",
"summary": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/",
"url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/"
}
],
"release_date": "2022-12-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
},
{
"cve": "CVE-2022-40898",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165864"
}
],
"notes": [
{
"category": "description",
"text": "An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40898"
},
{
"category": "external",
"summary": "RHBZ#2165864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40898"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qwmp-2cf2-g9g6",
"url": "https://github.com/advisories/GHSA-qwmp-2cf2-g9g6"
}
],
"release_date": "2022-12-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli"
},
{
"cve": "CVE-2022-45061",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-11-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2144072"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CPU denial of service via inefficient IDNA decoder",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an algorithmic complexity flaw found in Python\u0027s idna module. The vulnerability exists in the IDNA decoder, which uses an inefficient quadratic-time algorithm. It is triggered when processing a crafted, unreasonably long hostname supplied by a remote attacker, leading to excessive CPU consumption. This results in a denial of service (DoS) by making the affected application unresponsive, this flaw is rated as moderate because it impacts the availability of the application process rather than the entire system.\n\nVersions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45061"
},
{
"category": "external",
"summary": "RHBZ#2144072",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144072"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/98433",
"url": "https://github.com/python/cpython/issues/98433"
},
{
"category": "external",
"summary": "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html",
"url": "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html"
}
],
"release_date": "2022-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CPU denial of service via inefficient IDNA decoder"
},
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
},
{
"cve": "CVE-2023-24329",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2173917"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: urllib.parse url blocklisting bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24329"
},
{
"category": "external",
"summary": "RHBZ#2173917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173917"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329"
},
{
"category": "external",
"summary": "https://pointernull.com/security/python-url-parse-problem.html",
"url": "https://pointernull.com/security/python-url-parse-problem.html"
}
],
"release_date": "2023-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: urllib.parse url blocklisting bypass"
},
{
"cve": "CVE-2023-32681",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209469"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Unintended leak of Proxy-Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32681"
},
{
"category": "external",
"summary": "RHBZ#2209469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q",
"url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q"
}
],
"release_date": "2023-05-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
},
{
"category": "workaround",
"details": "For users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting allow_redirects to False on all calls through Requests top-level APIs. Note that if you are currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n\nimport requests\nr = requests.get(\u0027http://github.com/\u0027, allow_redirects=False)",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-requests: Unintended leak of Proxy-Authorization header"
},
{
"cve": "CVE-2023-40217",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2023-08-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235789"
}
],
"notes": [
{
"category": "description",
"text": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: TLS handshake bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"known_not_affected": [
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40217"
},
{
"category": "external",
"summary": "RHBZ#2235789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40217"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/108310",
"url": "https://github.com/python/cpython/issues/108310"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/108315",
"url": "https://github.com/python/cpython/pull/108315"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"
}
],
"release_date": "2023-08-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T08:20:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6793"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x",
"7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src",
"7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: TLS handshake bypass"
}
]
}
RHSA-2023:7096
Vulnerability from csaf_redhat - Published: 2023-11-14 16:14 - Updated: 2026-06-02 14:48Summary
Red Hat Security Advisory: python-cryptography security update
Severity
Moderate
Notes
Topic: An update for python-cryptography is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
Security Fix(es):
* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.9.0.GA:python-cryptography-0:3.2.1-6.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-cryptography is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-cryptography packages contain a Python Cryptographic Authority\u0027s (PyCA\u0027s) cryptography library, which provides cryptographic primitives and recipes to Python developers.\n\nSecurity Fix(es):\n\n* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7096",
"url": "https://access.redhat.com/errata/RHSA-2023:7096"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2172404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172404"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7096.json"
}
],
"title": "Red Hat Security Advisory: python-cryptography security update",
"tracking": {
"current_release_date": "2026-06-02T14:48:09+00:00",
"generator": {
"date": "2026-06-02T14:48:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:7096",
"initial_release_date": "2023-11-14T16:14:38+00:00",
"revision_history": [
{
"date": "2023-11-14T16:14:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-14T16:14:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T14:48:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-0:3.2.1-6.el8.src",
"product": {
"name": "python-cryptography-0:3.2.1-6.el8.src",
"product_id": "python-cryptography-0:3.2.1-6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@3.2.1-6.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:3.2.1-6.el8.aarch64",
"product": {
"name": "python3-cryptography-0:3.2.1-6.el8.aarch64",
"product_id": "python3-cryptography-0:3.2.1-6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@3.2.1-6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"product": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"product_id": "python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@3.2.1-6.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"product": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"product_id": "python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@3.2.1-6.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:3.2.1-6.el8.ppc64le",
"product": {
"name": "python3-cryptography-0:3.2.1-6.el8.ppc64le",
"product_id": "python3-cryptography-0:3.2.1-6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@3.2.1-6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"product": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"product_id": "python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@3.2.1-6.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"product": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"product_id": "python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@3.2.1-6.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:3.2.1-6.el8.x86_64",
"product": {
"name": "python3-cryptography-0:3.2.1-6.el8.x86_64",
"product_id": "python3-cryptography-0:3.2.1-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@3.2.1-6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"product": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"product_id": "python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@3.2.1-6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64",
"product": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64",
"product_id": "python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@3.2.1-6.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-0:3.2.1-6.el8.s390x",
"product": {
"name": "python3-cryptography-0:3.2.1-6.el8.s390x",
"product_id": "python3-cryptography-0:3.2.1-6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@3.2.1-6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"product": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"product_id": "python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@3.2.1-6.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"product": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"product_id": "python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@3.2.1-6.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:3.2.1-6.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python-cryptography-0:3.2.1-6.el8.src"
},
"product_reference": "python-cryptography-0:3.2.1-6.el8.src",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.s390x"
},
"product_reference": "python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:3.2.1-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:3.2.1-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.aarch64"
},
"product_reference": "python3-cryptography-0:3.2.1-6.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:3.2.1-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.ppc64le"
},
"product_reference": "python3-cryptography-0:3.2.1-6.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:3.2.1-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.s390x"
},
"product_reference": "python3-cryptography-0:3.2.1-6.el8.s390x",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:3.2.1-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.x86_64"
},
"product_reference": "python3-cryptography-0:3.2.1-6.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.9.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.9.0.GA:python-cryptography-0:3.2.1-6.el8.src",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.x86_64",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T16:14:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.9.0.GA:python-cryptography-0:3.2.1-6.el8.src",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.x86_64",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7096"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"BaseOS-8.9.0.GA:python-cryptography-0:3.2.1-6.el8.src",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python-cryptography-debugsource-0:3.2.1-6.el8.x86_64",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python3-cryptography-0:3.2.1-6.el8.x86_64",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.aarch64",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.ppc64le",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.s390x",
"BaseOS-8.9.0.GA:python3-cryptography-debuginfo-0:3.2.1-6.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
}
]
}
RHSA-2023:7341
Vulnerability from csaf_redhat - Published: 2023-11-30 14:34 - Updated: 2026-06-02 14:48Summary
Red Hat Security Advisory: Red Hat Quay security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Quay 3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: An update is now available for Red Hat Quay 3.
Security Fix(es):
* python-werkzeug: high resource usage when parsing multipart form data with many fields (CVE-2023-25577)
* flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)
* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64 | — |
Threats
Impact
Moderate
A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage, allowing an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests, and if many concurrent requests are sent continuously, this can exhaust or kill all available workers.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64 | — |
Threats
Impact
Important
A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions are met by the proxy's behavior regarding cookies and the application's behavior session usage: 1. The caching proxy does not strip or ignore response with cookies 2. The application sets a permanent session 3. The application does not access or modify the session during requests 4. SESSION_REFRESH_EACH_REQUEST is enabled, which is the default Flask behavior 5. The application does not set the Cache-Control header to avoid being cached
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64 | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x | — | ||
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64 | — |
Threats
Impact
Important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Quay 3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Red Hat Quay 3.\n\nSecurity Fix(es):\n\n* python-werkzeug: high resource usage when parsing multipart form data with many fields (CVE-2023-25577)\n\n* flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)\n\n* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7341",
"url": "https://access.redhat.com/errata/RHSA-2023:7341"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2170242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170242"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2196643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196643"
},
{
"category": "external",
"summary": "PROJQUAY-2462",
"url": "https://issues.redhat.com/browse/PROJQUAY-2462"
},
{
"category": "external",
"summary": "PROJQUAY-2803",
"url": "https://issues.redhat.com/browse/PROJQUAY-2803"
},
{
"category": "external",
"summary": "PROJQUAY-3906",
"url": "https://issues.redhat.com/browse/PROJQUAY-3906"
},
{
"category": "external",
"summary": "PROJQUAY-4126",
"url": "https://issues.redhat.com/browse/PROJQUAY-4126"
},
{
"category": "external",
"summary": "PROJQUAY-5021",
"url": "https://issues.redhat.com/browse/PROJQUAY-5021"
},
{
"category": "external",
"summary": "PROJQUAY-5212",
"url": "https://issues.redhat.com/browse/PROJQUAY-5212"
},
{
"category": "external",
"summary": "PROJQUAY-5489",
"url": "https://issues.redhat.com/browse/PROJQUAY-5489"
},
{
"category": "external",
"summary": "PROJQUAY-5506",
"url": "https://issues.redhat.com/browse/PROJQUAY-5506"
},
{
"category": "external",
"summary": "PROJQUAY-5598",
"url": "https://issues.redhat.com/browse/PROJQUAY-5598"
},
{
"category": "external",
"summary": "PROJQUAY-5957",
"url": "https://issues.redhat.com/browse/PROJQUAY-5957"
},
{
"category": "external",
"summary": "PROJQUAY-5958",
"url": "https://issues.redhat.com/browse/PROJQUAY-5958"
},
{
"category": "external",
"summary": "PROJQUAY-5959",
"url": "https://issues.redhat.com/browse/PROJQUAY-5959"
},
{
"category": "external",
"summary": "PROJQUAY-5960",
"url": "https://issues.redhat.com/browse/PROJQUAY-5960"
},
{
"category": "external",
"summary": "PROJQUAY-5963",
"url": "https://issues.redhat.com/browse/PROJQUAY-5963"
},
{
"category": "external",
"summary": "PROJQUAY-6010",
"url": "https://issues.redhat.com/browse/PROJQUAY-6010"
},
{
"category": "external",
"summary": "PROJQUAY-6048",
"url": "https://issues.redhat.com/browse/PROJQUAY-6048"
},
{
"category": "external",
"summary": "PROJQUAY-6184",
"url": "https://issues.redhat.com/browse/PROJQUAY-6184"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7341.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay security update",
"tracking": {
"current_release_date": "2026-06-02T14:48:34+00:00",
"generator": {
"date": "2026-06-02T14:48:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:7341",
"initial_release_date": "2023-11-30T14:34:57+00:00",
"revision_history": [
{
"date": "2023-11-30T14:34:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-30T14:34:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T14:48:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.10.0-17"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.10.0-10"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"product_id": "quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.10.0-20"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.10.0-19"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.10.0-19"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"product_id": "quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.10.0-154"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.10.0-37"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"product_id": "quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.10.0-150"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"product": {
"name": "quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"product_id": "quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.10.0-17"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.10.0-10"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"product": {
"name": "quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"product_id": "quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.10.0-20"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"product_id": "quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.10.0-19"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.10.0-19"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"product": {
"name": "quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"product_id": "quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.10.0-154"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"product": {
"name": "quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"product_id": "quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.10.0-37"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"product": {
"name": "quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"product_id": "quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.10.0-150"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"product": {
"name": "quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"product_id": "quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.10.0-17"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.10.0-10"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"product": {
"name": "quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"product_id": "quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.10.0-20"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"product_id": "quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.10.0-19"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.10.0-19"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"product": {
"name": "quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"product_id": "quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.10.0-154"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"product": {
"name": "quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"product_id": "quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.10.0-37"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le",
"product": {
"name": "quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le",
"product_id": "quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.10.0-150"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x"
},
"product_reference": "quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le"
},
"product_reference": "quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le"
},
"product_reference": "quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x"
},
"product_reference": "quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x"
},
"product_reference": "quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le"
},
"product_reference": "quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le"
},
"product_reference": "quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x"
},
"product_reference": "quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x"
},
"product_reference": "quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
},
"product_reference": "quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-30T14:34:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7341"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
},
{
"cve": "CVE-2023-25577",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage, allowing an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests, and if many concurrent requests are sent continuously, this can exhaust or kill all available workers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-werkzeug: high resource usage when parsing multipart form data with many fields",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25577"
},
{
"category": "external",
"summary": "RHBZ#2170242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25577"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1",
"url": "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/releases/tag/2.2.3",
"url": "https://github.com/pallets/werkzeug/releases/tag/2.2.3"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323"
}
],
"release_date": "2023-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-30T14:34:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7341"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-werkzeug: high resource usage when parsing multipart form data with many fields"
},
{
"cve": "CVE-2023-30861",
"cwe": {
"id": "CWE-488",
"name": "Exposure of Data Element to Wrong Session"
},
"discovery_date": "2023-05-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196643"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions are met by the proxy\u0027s behavior regarding cookies and the application\u0027s behavior session usage:\r\n1. The caching proxy does not strip or ignore response with cookies\r\n2. The application sets a permanent session\r\n3. The application does not access or modify the session during requests\r\n4. SESSION_REFRESH_EACH_REQUEST is enabled, which is the default Flask behavior\r\n5. The application does not set the Cache-Control header to avoid being cached",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-30861"
},
{
"category": "external",
"summary": "RHBZ#2196643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-30861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30861"
},
{
"category": "external",
"summary": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b",
"url": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b"
},
{
"category": "external",
"summary": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq",
"url": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq"
}
],
"release_date": "2023-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-30T14:34:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7341"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:23859613178852c50bf22697faab3234b14b18a16ebbc7abe2f138a0ce70de7e_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:88dc472af7cd89ee0bcaf250b3c535a8fab4e92b4faa793efd6d34b13f3d3e1c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:fa100f2c4a8cab77e72c8747f1a846cd6046afeed0b7c1a580fe2b0d4f1174f5_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:23b867fd6a3b732dad7ce74b62fbeacb468e28673600fce321454600c0eb614a_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:a908b368daacd5994ba191b7b7a3057f72468e1ea4aee06e1f2d977102499232_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:eda9b6bb1d237e88481223cb59c4c0b33934782532987242abd04f52f1b8c342_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:47bb83c9964c153c965c09bce04e4a5a4b59e6d6a7f141164ab8c5ab0e410205_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:579e02e548e7add12043a000a68b68e290871fd6f9f850b9c8da655005545db5_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:747705d85d04b80cb01fd4dc293dae29a4547c6c52edf78366c4abe9e2dc40bf_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:3ce921816cc1dc34009a1f44f651756f25fdbe55f03751f73bc28e820a76a3e4_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a7c62a3852c6fe8a83e187af9a9d8378731c17162996d2fd9d4964d5057c00ae_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d083fc73b5aaa20105369053a4f247d90f6bf963ba4216a4a115d36d62eb87ca_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:099a934e8dcb0161e0e4060f2898c963a90cc0738442e99fae083b0f30bc142e_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:655de4673f8b018cc323a74988e71f5680ff330243f600f74d6a562b129e188f_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a18fdba3c2bc93ff6e511e3b2fce591b8a186eb1d32639e825df25478e5c9a9_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:0e0b3af9b4b673ea2b1f0276caf82fb51c8b6fa9c15874c79028d18a3344bd4c_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:3776ee296f1c7d89d600016199d29248aac978729a88007af0870612692ff3e6_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:baa04276b08ffe601f7ca30ff68b81713a2ee6385295d577ba56140813996b5d_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0a85707172eab0ee157e6df85844f1950af36c2c8b755ac97fd5802184ba5eed_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4f44290cc1469dd106bb0728e4af614dcb0ba3f429be9f6dc2e580c9378bd108_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e6e09ebcccfb8f8a0c6744738a62ba257536344d2a8752a74848d30ab68cfd56_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:48760e344a72b56fa1b747af7935ac9ec94f63329a8fb6369093b7283156657c_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:4f9f10b08ce70ec734a3a422082353498c42768469fcab73e2fc948e38a1ee90_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:de2671e861ebe80195be0c7d1031ec88106329d9e6d061a88a35a8430277ea7a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header"
}
]
}
RHSA-2023_4693
Vulnerability from csaf_redhat - Published: 2023-08-21 21:53 - Updated: 2024-11-23 00:12Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.4
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* automation-eda-controller: token exposed at importing project (CVE-2023-4380)
* python3-cryptography/python39-cryptography: memory corruption via immutable objects (CVE-2023-23931)
* python3-django/python39-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)
* python3-requests/python39-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes for Event-Driven Ansible:
* automation-eda-controller has been updated to 1.0.1
* Contributor and editor roles now have permissions to access users and set the AWX token. (AAP-11573)
* The onboarding wizard now requests controller token creation. (AAP-11907)
* Corrected the filtering capability of the Rule Audit screens so that a search yields results with the “starts with” function. (AAP-11987)
* Enabling or disabling rulebook activation no longer increases the restarts counter by 1. (AAP-12042)
* Filtering by a text string now displays all applicable items in the UI, including those that are not visible in the list at that time. (AAP-12446)
* Audit records are no longer missing when running activations with multiple jobs. (AAP-12522)
* The event payload is no longer missing key attributes when a job template fails. (AAP-12529)
* Fixed the Git token leak that occurs when importing a project fails. (AAP-12767)
* The restart policy in Kubernetes (k8s) now restarts successful activation that is incorrectly marked as failed. (AAP-12862)
* Activation statuses are now reported correctly, whether you are disabling or enabling them. (AAP-12896)
* When run_job_template action fails now, ansible-rulebook prints an error log in the activation output and creates an entry in rule audit so that the user is alerted that the rule has failed. (AAP-12909)
* When a user tries to bulk delete rulebook activations from the list, the request now completes successfully and consistently. (AAP-13093)
* The Rulebook Activation link now functions correctly in the Rule Audit Detail UI. (AAP-13182)
* Fixed a bug where ansible-rulebook prevented the execution, if the connection with the controller was not successful when controller was not required by the rulebook. (AAP-13209)
* Fixed a bug where some audit rule records had the wrong rulebook link. (AAP-13844)
* Fixed a bug where only the first 10 audit rules had the right link. (AAP-13845)
* Previously project credentials could not be updated if there was a change to the credential used in the project. Now credentials can be updated in a project with a new or different credential. (AAP-13983)
* The User Access section of the navigation panel no longer disappears after creating a decision environment. (AAP-14273)
* Fixed a bug where filtering for audit rules didn't work properly on OpenShift Container Platform. (AAP-14512)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
6.3 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — |
Vendor Fix
fix
|
Known not affected
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Threats
Impact
Moderate
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Vendor Fix
fix
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Threats
Impact
Moderate
A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).
6.1 (Medium)
Affected products
Fixed
2 products
Known not affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Workaround
|
Threats
Impact
Moderate
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch | — |
Vendor Fix
fix
|
Known not affected
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch | — |
Threats
Impact
Moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.4\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n* automation-eda-controller: token exposed at importing project (CVE-2023-4380)\n* python3-cryptography/python39-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n* python3-django/python39-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)\n* python3-requests/python39-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional changes for Event-Driven Ansible:\n* automation-eda-controller has been updated to 1.0.1\n* Contributor and editor roles now have permissions to access users and set the AWX token. (AAP-11573)\n* The onboarding wizard now requests controller token creation. (AAP-11907)\n* Corrected the filtering capability of the Rule Audit screens so that a search yields results with the \u201cstarts with\u201d function. (AAP-11987)\n* Enabling or disabling rulebook activation no longer increases the restarts counter by 1. (AAP-12042)\n* Filtering by a text string now displays all applicable items in the UI, including those that are not visible in the list at that time. (AAP-12446)\n* Audit records are no longer missing when running activations with multiple jobs. (AAP-12522)\n* The event payload is no longer missing key attributes when a job template fails. (AAP-12529)\n* Fixed the Git token leak that occurs when importing a project fails. (AAP-12767)\n* The restart policy in Kubernetes (k8s) now restarts successful activation that is incorrectly marked as failed. (AAP-12862)\n* Activation statuses are now reported correctly, whether you are disabling or enabling them. (AAP-12896)\n* When run_job_template action fails now, ansible-rulebook prints an error log in the activation output and creates an entry in rule audit so that the user is alerted that the rule has failed. (AAP-12909)\n* When a user tries to bulk delete rulebook activations from the list, the request now completes successfully and consistently. (AAP-13093)\n* The Rulebook Activation link now functions correctly in the Rule Audit Detail UI. (AAP-13182)\n* Fixed a bug where ansible-rulebook prevented the execution, if the connection with the controller was not successful when controller was not required by the rulebook. (AAP-13209)\n* Fixed a bug where some audit rule records had the wrong rulebook link. (AAP-13844)\n* Fixed a bug where only the first 10 audit rules had the right link. (AAP-13845)\n* Previously project credentials could not be updated if there was a change to the credential used in the project. Now credentials can be updated in a project with a new or different credential. (AAP-13983)\n* The User Access section of the navigation panel no longer disappears after creating a decision environment. (AAP-14273)\n* Fixed a bug where filtering for audit rules didn\u0027t work properly on OpenShift Container Platform. (AAP-14512)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4693",
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2209469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469"
},
{
"category": "external",
"summary": "2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "2232324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4693.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update",
"tracking": {
"current_release_date": "2024-11-23T00:12:56+00:00",
"generator": {
"date": "2024-11-23T00:12:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:4693",
"initial_release_date": "2023-08-21T21:53:41+00:00",
"revision_history": [
{
"date": "2023-08-21T21:53:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-08-29T18:14:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-23T00:12:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-requests-0:2.31.0-1.el8ap.noarch",
"product": {
"name": "python39-requests-0:2.31.0-1.el8ap.noarch",
"product_id": "python39-requests-0:2.31.0-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-requests@2.31.0-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.20-1.el8ap.noarch",
"product": {
"name": "python39-django-0:3.2.20-1.el8ap.noarch",
"product_id": "python39-django-0:3.2.20-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.20-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"product": {
"name": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"product_id": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-rsa@4.7.2-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"product_id": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"product": {
"name": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"product_id": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-server@1.0.1-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"product": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"product_id": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-ui@1.0.1-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-requests-0:2.31.0-1.el9ap.noarch",
"product": {
"name": "python3-requests-0:2.31.0-1.el9ap.noarch",
"product_id": "python3-requests-0:2.31.0-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-requests@2.31.0-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-django-0:3.2.20-1.el9ap.noarch",
"product": {
"name": "python3-django-0:3.2.20-1.el9ap.noarch",
"product_id": "python3-django-0:3.2.20-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@3.2.20-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"product": {
"name": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"product_id": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-rsa@4.7.2-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"product_id": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"product_id": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-server@1.0.1-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"product_id": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-ui@1.0.1-1.el9ap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3x-requests-0:2.31.0-1.el8ap.src",
"product": {
"name": "python3x-requests-0:2.31.0-1.el8ap.src",
"product_id": "python3x-requests-0:2.31.0-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-requests@2.31.0-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-django-0:3.2.20-1.el8ap.src",
"product": {
"name": "python3x-django-0:3.2.20-1.el8ap.src",
"product_id": "python3x-django-0:3.2.20-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-django@3.2.20-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-rsa-0:4.7.2-1.el8ap.src",
"product": {
"name": "python3x-rsa-0:4.7.2-1.el8ap.src",
"product_id": "python3x-rsa-0:4.7.2-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-rsa@4.7.2-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"product": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"product_id": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography@38.0.4-2.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"product_id": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-requests-0:2.31.0-1.el9ap.src",
"product": {
"name": "python-requests-0:2.31.0-1.el9ap.src",
"product_id": "python-requests-0:2.31.0-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-requests@2.31.0-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.20-1.el9ap.src",
"product": {
"name": "python-django-0:3.2.20-1.el9ap.src",
"product_id": "python-django-0:3.2.20-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.20-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-rsa-0:4.7.2-1.el9ap.src",
"product": {
"name": "python-rsa-0:4.7.2-1.el9ap.src",
"product_id": "python-rsa-0:4.7.2-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-rsa@4.7.2-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-0:38.0.4-2.el9ap.src",
"product": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src",
"product_id": "python-cryptography-0:38.0.4-2.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@38.0.4-2.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"product": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"product_id": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.0.1-1.el9ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"product": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"product_id": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography@38.0.4-2.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"product": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"product_id": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-cryptography-debugsource@38.0.4-2.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"product": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"product_id": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-cryptography-debuginfo@38.0.4-2.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"product": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"product_id": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@38.0.4-2.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"product": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"product_id": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debugsource@38.0.4-2.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"product": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"product_id": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography-debuginfo@38.0.4-2.el9ap?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src"
},
"product_reference": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src"
},
"product_reference": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch"
},
"product_reference": "automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch"
},
"product_reference": "automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.20-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch"
},
"product_reference": "python39-django-0:3.2.20-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-requests-0:2.31.0-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch"
},
"product_reference": "python39-requests-0:2.31.0-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-rsa-0:4.7.2-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch"
},
"product_reference": "python39-rsa-0:4.7.2-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-0:38.0.4-2.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src"
},
"product_reference": "python3x-cryptography-0:38.0.4-2.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64"
},
"product_reference": "python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-django-0:3.2.20-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src"
},
"product_reference": "python3x-django-0:3.2.20-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-requests-0:2.31.0-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
},
"product_reference": "python3x-requests-0:2.31.0-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-rsa-0:4.7.2-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src"
},
"product_reference": "python3x-rsa-0:4.7.2-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src"
},
"product_reference": "python-cryptography-0:38.0.4-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src"
},
"product_reference": "python-cryptography-0:38.0.4-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.0.1-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src"
},
"product_reference": "automation-eda-controller-0:1.0.1-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:38.0.4-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src"
},
"product_reference": "python-cryptography-0:38.0.4-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.20-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src"
},
"product_reference": "python-django-0:3.2.20-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-0:2.31.0-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src"
},
"product_reference": "python-requests-0:2.31.0-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-rsa-0:4.7.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src"
},
"product_reference": "python-rsa-0:4.7.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
},
"product_reference": "python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:3.2.20-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
},
"product_reference": "python3-django-0:3.2.20-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-0:2.31.0-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch"
},
"product_reference": "python3-requests-0:2.31.0-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rsa-0:4.7.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
},
"product_reference": "python3-rsa-0:4.7.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4380",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232324"
}
],
"notes": [
{
"category": "description",
"text": "A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "platform: token exposed at importing project",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4380"
},
{
"category": "external",
"summary": "RHBZ#2232324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4380"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4380",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4380"
}
],
"release_date": "2023-08-16T10:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "platform: token exposed at importing project"
},
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
},
{
"cve": "CVE-2023-32681",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209469"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-requests: Unintended leak of Proxy-Authorization header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32681"
},
{
"category": "external",
"summary": "RHBZ#2209469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q",
"url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q"
}
],
"release_date": "2023-05-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"category": "workaround",
"details": "For users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting allow_redirects to False on all calls through Requests top-level APIs. Note that if you are currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n\nimport requests\nr = requests.get(\u0027http://github.com/\u0027, allow_redirects=False)",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-requests: Unintended leak of Proxy-Authorization header"
},
{
"cve": "CVE-2023-36053",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2218004"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python39-cryptography-debuginfo-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-requests-0:2.31.0-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-rsa-0:4.7.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-0:38.0.4-2.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:python3x-cryptography-debugsource-0:38.0.4-2.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python3x-requests-0:2.31.0-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:python3x-rsa-0:4.7.2-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-0:1.0.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-server-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-eda-controller-ui-0:1.0.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-0:38.0.4-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python-cryptography-debugsource-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-requests-0:2.31.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-rsa-0:4.7.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:python3-cryptography-debuginfo-0:38.0.4-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python3-requests-0:2.31.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python3-rsa-0:4.7.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36053"
},
{
"category": "external",
"summary": "RHBZ#2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"
}
],
"release_date": "2023-07-03T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-21T21:53:41+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4:python39-django-0:3.2.20-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-django-0:3.2.20-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:python-django-0:3.2.20-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-django-0:3.2.20-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator"
}
]
}
RHSA-2023_4971
Vulnerability from csaf_redhat - Published: 2023-09-05 11:53 - Updated: 2024-12-16 15:00Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.4
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* automation-controller: cryptography: memory corruption via immutable objects (CVE-2023-23931)
* automation-controller: GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)
* python3-gitpython/python39-gitpython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes:
* ansible-core has been updated to 2.15.3 (AAP-15269)
* automation-controller has been updated to 4.4.3 (AAP-15549)
* python3-gitpython/python39-gitpython has been updated to 3.1.21 (AAP-15485)
* automation controller: Fix bug that can cause a deadlock on shutdown when redis is unavailable. (AAP-14203)
* automation controller: The login form no longer supports autocomplete on the password field due to security concerns. (AAP-15545)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.
6.5 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64 | — |
Vendor Fix
fix
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch | — |
Threats
Impact
Moderate
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.
9.8 (Critical)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64 | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64 | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch | — | ||
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch | — |
Threats
Impact
Low
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.4\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n* automation-controller: cryptography: memory corruption via immutable objects (CVE-2023-23931)\n* automation-controller: GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)\n* python3-gitpython/python39-gitpython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional changes:\n* ansible-core has been updated to 2.15.3 (AAP-15269)\n* automation-controller has been updated to 4.4.3 (AAP-15549)\n* python3-gitpython/python39-gitpython has been updated to 3.1.21 (AAP-15485)\n* automation controller: Fix bug that can cause a deadlock on shutdown when redis is unavailable. (AAP-14203)\n* automation controller: The login form no longer supports autocomplete on the password field due to security concerns. (AAP-15545)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4971",
"url": "https://access.redhat.com/errata/RHSA-2023:4971"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4971.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update",
"tracking": {
"current_release_date": "2024-12-16T15:00:06+00:00",
"generator": {
"date": "2024-12-16T15:00:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:4971",
"initial_release_date": "2023-09-05T11:53:51+00:00",
"revision_history": [
{
"date": "2023-09-05T11:53:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-05T11:53:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T15:00:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el9ap.src",
"product": {
"name": "ansible-core-0:2.15.3-1.el9ap.src",
"product_id": "ansible-core-0:2.15.3-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-gitpython-0:3.1.32-1.el9ap.src",
"product": {
"name": "python-gitpython-0:3.1.32-1.el9ap.src",
"product_id": "python-gitpython-0:3.1.32-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gitpython@3.1.32-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.src",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.src",
"product_id": "automation-controller-0:4.4.3-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el8ap.src",
"product": {
"name": "ansible-core-0:2.15.3-1.el8ap.src",
"product_id": "ansible-core-0:2.15.3-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"product": {
"name": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"product_id": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3x-gitpython@3.1.32-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.src",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.src",
"product_id": "automation-controller-0:4.4.3-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el9ap.noarch",
"product": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch",
"product_id": "ansible-core-0:2.15.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-test-0:2.15.3-1.el9ap.noarch",
"product": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch",
"product_id": "ansible-test-0:2.15.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-test@2.15.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"product": {
"name": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"product_id": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-gitpython@3.1.32-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"product": {
"name": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"product_id": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-cli@4.4.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"product": {
"name": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"product_id": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-server@4.4.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"product": {
"name": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"product_id": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-ui@4.4.3-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-core-0:2.15.3-1.el8ap.noarch",
"product": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch",
"product_id": "ansible-core-0:2.15.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.15.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-test-0:2.15.3-1.el8ap.noarch",
"product": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch",
"product_id": "ansible-test-0:2.15.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-test@2.15.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"product": {
"name": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"product_id": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-gitpython@3.1.32-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"product": {
"name": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"product_id": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-cli@4.4.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"product": {
"name": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"product_id": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-server@4.4.3-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"product": {
"name": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"product_id": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-ui@4.4.3-1.el8ap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"product_id": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"product_id": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"product_id": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"product_id": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.s390x",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.s390x",
"product_id": "automation-controller-0:4.4.3-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.s390x",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.s390x",
"product_id": "automation-controller-0:4.4.3-1.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"product": {
"name": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"product_id": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"product": {
"name": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"product_id": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.4.3-1.el8ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"product": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"product_id": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.4.3-1.el8ap?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64"
},
"product_reference": "automation-controller-0:4.4.3-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.4.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch"
},
"product_reference": "automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.4.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch"
},
"product_reference": "automation-controller-server-0:4.4.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.4.3-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch"
},
"product_reference": "automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.32-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch"
},
"product_reference": "python39-gitpython-0:3.1.32-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3x-gitpython-0:3.1.32-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src"
},
"product_reference": "python3x-gitpython-0:3.1.32-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Developer-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4-Inside-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-0:2.15.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src"
},
"product_reference": "ansible-core-0:2.15.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-0:2.15.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch"
},
"product_reference": "ansible-test-0:2.15.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.4.3-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64"
},
"product_reference": "automation-controller-0:4.4.3-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.4.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch"
},
"product_reference": "automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.4.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch"
},
"product_reference": "automation-controller-server-0:4.4.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.4.3-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch"
},
"product_reference": "automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.32-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src"
},
"product_reference": "python-gitpython-0:3.1.32-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-gitpython-0:3.1.32-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
},
"product_reference": "python3-gitpython-0:3.1.32-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23931",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2023-02-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171817"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: memory corruption via immutable objects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "RHBZ#2171817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
}
],
"release_date": "2023-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T11:53:51+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4971"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: memory corruption via immutable objects"
},
{
"cve": "CVE-2023-40267",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-08-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2231474"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: Insecure non-multi options in clone and clone_from is not blocked",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used. \n\nRed Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
],
"known_not_affected": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40267"
},
{
"category": "external",
"summary": "RHBZ#2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj",
"url": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj"
}
],
"release_date": "2023-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T11:53:51+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4971"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.aarch64",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.ppc64le",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.s390x",
"8Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.4:python39-gitpython-0:3.1.32-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.4:python3x-gitpython-0:3.1.32-1.el8ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Developer-1.1:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4-Inside-1.2:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:ansible-core-0:2.15.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:ansible-test-0:2.15.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-cli-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-server-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-ui-0:4.4.3-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.4:automation-controller-venv-tower-0:4.4.3-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.4:python-gitpython-0:3.1.32-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.4:python3-gitpython-0:3.1.32-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "GitPython: Insecure non-multi options in clone and clone_from is not blocked"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…