rhsa-2024_1536
Vulnerability from csaf_redhat
Published
2024-03-27 13:22
Modified
2024-11-06 05:22
Summary
Red Hat Security Advisory: Satellite 6.14.3 Async Security Update
Notes
Topic
An update is now available for Red Hat Satellite 6.14 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact
of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: http request smuggling (CVE-2024-23829)
* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
Bug Fix(es):
2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.
2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content
2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint "rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq"
2266140 - wrong links to provisioning guide in CR help
2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors
2266144 - Promoting a composite content view to environment with registry name as "<%= lifecycle_environment.label %>/<%= repository.name %>" on Red Hat Satellite 6 fails with "'undefined method '#label' for NilClass::Jail (NilClass)'"
2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate
2266146 - katello:reimport fails with "TypeError: no implicit conversion of String into Integer" when there are product contents to move
2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_available_module_streams_name_stream_context"
2266148 - Adding a CV to a CCV lists CV versions disorderly
2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step
2266413 - [RFE] "Add content view" window and "Update version" window should display content view version, description and publishing date
2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.
2266141 - wrong link to scap content documentation
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Satellite 6.14 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\nSecurity Fix(es):\n\n* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)\n* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)\n* python-aiohttp: http request smuggling (CVE-2024-23829)\n* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)\n* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)\n* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)\n* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)\n\nBug Fix(es):\n2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.\n2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content\n2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint \"rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq\"\n2266140 - wrong links to provisioning guide in CR help\n2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors\n2266144 - Promoting a composite content view to environment with registry name as \"\u003c%= lifecycle_environment.label %\u003e/\u003c%= repository.name %\u003e\" on Red Hat Satellite 6 fails with \"\u0027undefined method \u0027#label\u0027 for NilClass::Jail (NilClass)\u0027\"\n2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate\n2266146 - katello:reimport fails with \"TypeError: no implicit conversion of String into Integer\" when there are product contents to move\n2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint \"katello_available_module_streams_name_stream_context\"\n2266148 - Adding a CV to a CCV lists CV versions disorderly\n2266149 - \u0027Remove orphans\u0027 task fails on DeleteOrphanAlternateContentSources step\n2266413 - [RFE] \"Add content view\" window and \"Update version\" window should display content view version, description and publishing date \n2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.\n2266141 - wrong link to scap content documentation \nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1536",
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2234387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"category": "external",
"summary": "2241046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046"
},
{
"category": "external",
"summary": "2249825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249825"
},
{
"category": "external",
"summary": "2252235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252235"
},
{
"category": "external",
"summary": "2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "2261887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261887"
},
{
"category": "external",
"summary": "2261909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261909"
},
{
"category": "external",
"summary": "2266107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266107"
},
{
"category": "external",
"summary": "2266110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266110"
},
{
"category": "external",
"summary": "2266113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266113"
},
{
"category": "external",
"summary": "2266139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266139"
},
{
"category": "external",
"summary": "2266140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266140"
},
{
"category": "external",
"summary": "2266141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266141"
},
{
"category": "external",
"summary": "2266142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266142"
},
{
"category": "external",
"summary": "2266144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266144"
},
{
"category": "external",
"summary": "2266145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266145"
},
{
"category": "external",
"summary": "2266146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266146"
},
{
"category": "external",
"summary": "2266147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266147"
},
{
"category": "external",
"summary": "2266148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266148"
},
{
"category": "external",
"summary": "2266149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266149"
},
{
"category": "external",
"summary": "2266413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266413"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1536.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.3 Async Security Update",
"tracking": {
"current_release_date": "2024-11-06T05:22:17+00:00",
"generator": {
"date": "2024-11-06T05:22:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:1536",
"initial_release_date": "2024-03-27T13:22:31+00:00",
"revision_history": [
{
"date": "2024-03-27T13:22:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-27T13:22:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T05:22:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:4.3.12-1.el8sat.src",
"product": {
"name": "candlepin-0:4.3.12-1.el8sat.src",
"product_id": "candlepin-0:4.3.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.12-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product_id": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-aiohttp@3.9.2-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product_id": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-ansible-builder@1.2.0-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product_id": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-async-timeout@4.0.3-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.22-1.el8pc.src",
"product": {
"name": "python-django-0:3.2.22-1.el8pc.src",
"product_id": "python-django-0:3.2.22-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.22-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product_id": "python-flake8-0:5.0.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flake8@5.0.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product_id": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-galaxy-importer@0.4.18-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product_id": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jinja2@3.1.3-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product_id": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-mccabe@0.7.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product_id": "python-pulpcore-0:3.22.22-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.22.22-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product_id": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-rpm@3.19.12-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product_id": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pycodestyle@2.9.1-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product_id": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyflakes@2.5.0-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product_id": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@12.0.0.8-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product_id": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_virt_who_configure@0.5.19-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product_id": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-hammer_cli_katello@1.9.1.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product_id": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.23-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.3-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.3-1.el8sat.src",
"product_id": "satellite-0:6.14.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:0.0.0.1-1.src",
"product": {
"name": "satellite-lifecycle-0:0.0.0.1-1.src",
"product_id": "satellite-lifecycle-0:0.0.0.1-1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@0.0.0.1-1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:4.3.12-1.el8sat.noarch",
"product": {
"name": "candlepin-0:4.3.12-1.el8sat.noarch",
"product_id": "candlepin-0:4.3.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.3.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product": {
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product_id": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@4.3.12-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product_id": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-ansible-builder@1.2.0-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product_id": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-async-timeout@4.0.3-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.22-1.el8pc.noarch",
"product": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch",
"product_id": "python39-django-0:3.2.22-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.22-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product_id": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-flake8@5.0.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product_id": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-galaxy-importer@0.4.18-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product_id": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-jinja2@3.1.3-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product_id": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-mccabe@0.7.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.22.22-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product_id": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-rpm@3.19.12-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product_id": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pycodestyle@2.9.1-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product_id": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pyflakes@2.5.0-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product_id": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@12.0.0.8-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product_id": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_virt_who_configure@0.5.19-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product_id": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-hammer_cli_katello@1.9.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.3-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.3-1.el8sat.noarch",
"product_id": "satellite-0:6.14.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product": {
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product_id": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@0.0.0.1-1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-aiohttp@3.9.2-0.1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-aiohttp-debugsource@3.9.2-0.1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product_id": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-aiohttp-debuginfo@3.9.2-0.1.el8pc?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src"
},
"product_reference": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src"
},
"product_reference": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src"
},
"product_reference": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.22-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.22-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src"
},
"product_reference": "python-flake8-0:5.0.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src"
},
"product_reference": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src"
},
"product_reference": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.22-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src"
},
"product_reference": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src"
},
"product_reference": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch"
},
"product_reference": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch"
},
"product_reference": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.22-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch"
},
"product_reference": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
},
"product_reference": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
},
"product_reference": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch"
},
"product_reference": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch"
},
"product_reference": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch"
},
"product_reference": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch"
},
"product_reference": "candlepin-0:4.3.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.3.12-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src"
},
"product_reference": "candlepin-0:4.3.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:4.3.12-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch"
},
"product_reference": "candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-0:3.9.2-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src"
},
"product_reference": "python-aiohttp-0:3.9.2-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ansible-builder-0:1.2.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src"
},
"product_reference": "python-ansible-builder-0:1.2.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-async-timeout-0:4.0.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src"
},
"product_reference": "python-async-timeout-0:4.0.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.22-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.22-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flake8-0:5.0.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src"
},
"product_reference": "python-flake8-0:5.0.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-galaxy-importer-0:0.4.18-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src"
},
"product_reference": "python-galaxy-importer-0:0.4.18-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:3.1.3-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src"
},
"product_reference": "python-jinja2-0:3.1.3-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-mccabe-0:0.7.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src"
},
"product_reference": "python-mccabe-0:0.7.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.12-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.12-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.22-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.22-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycodestyle-0:2.9.1-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src"
},
"product_reference": "python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyflakes-0:2.5.0-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src"
},
"product_reference": "python-pyflakes-0:2.5.0-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
},
"product_reference": "python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch"
},
"product_reference": "python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch"
},
"product_reference": "python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.22-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.22-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-flake8-0:5.0.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch"
},
"product_reference": "python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
},
"product_reference": "python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
},
"product_reference": "python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch"
},
"product_reference": "python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.22-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch"
},
"product_reference": "python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch"
},
"product_reference": "python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src"
},
"product_reference": "rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src"
},
"product_reference": "rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src"
},
"product_reference": "rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.23-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.9.0.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:0.0.0.1-1.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch"
},
"product_reference": "satellite-lifecycle-0:0.0.0.1-1.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:0.0.0.1-1.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
},
"product_reference": "satellite-lifecycle-0:0.0.0.1-1.src",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5189",
"discovery_date": "2023-08-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2234387"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Hub: insecure galaxy-importer tarfile extraction",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"category": "external",
"summary": "RHBZ#2234387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5189"
}
],
"release_date": "2023-09-26T05:28:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Hub: insecure galaxy-importer tarfile extraction"
},
{
"cve": "CVE-2023-43665",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-09-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241046"
}
],
"notes": [
{
"category": "description",
"text": "An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Denial-of-service possibility in django.utils.text.Truncator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43665"
},
{
"category": "external",
"summary": "RHBZ#2241046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"
}
],
"release_date": "2023-10-04T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Denial-of-service possibility in django.utils.text.Truncator"
},
{
"cve": "CVE-2023-47627",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-11-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249825"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-aiohttp: numerous issues in HTTP parser with header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47627"
},
{
"category": "external",
"summary": "RHBZ#2249825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-aiohttp: numerous issues in HTTP parser with header parsing"
},
{
"cve": "CVE-2023-49081",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252235"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: HTTP request modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49081"
},
{
"category": "external",
"summary": "RHBZ#2252235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49081"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2"
}
],
"release_date": "2023-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "aiohttp: HTTP request modification"
},
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2257854"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "RHBZ#2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
}
],
"release_date": "2024-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter"
},
{
"cve": "CVE-2024-23334",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-01-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2261887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option \u0027follow_symlinks\u0027 can be used to determine whether to follow symbolic links outside the static root directory. When \u0027follow_symlinks\u0027 is set to True, there is no validation to check if a given file path is within the root directory. This issue can lead to a directory traversal vulnerability, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: follow_symlinks directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having a moderate impact. There is a non-default precondition which is required to exploit it: the follow_symlinks setting needs to be enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23334"
},
{
"category": "external",
"summary": "RHBZ#2261887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23334",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23334"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f"
}
],
"release_date": "2024-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "workaround",
"details": "If using follow_symlinks=True outside of a restricted local development environment, disable the option immediately. This option is NOT needed to follow symlinks that point to a location within the static root directory; it is only intended to allow a symlink to break out of the static directory. Even with this CVE fixed, there is still a substantial risk of misconfiguration when using this option on a server that accepts requests from remote users.\n\nAdditionally, aiohttp has always recommended using a reverse proxy server (such as nginx) to handle static resources and not to use these static resources in aiohttp for production environments. Doing so also protects against this vulnerability, and is why we expect the number of affected users to be very low.",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "aiohttp: follow_symlinks directory traversal vulnerability"
},
{
"cve": "CVE-2024-23829",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2024-01-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2261909"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of additional requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-aiohttp: http request smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:candlepin-0:4.3.12-1.el8sat.src",
"8Base-satellite-6.14:candlepin-selinux-0:4.3.12-1.el8sat.noarch",
"8Base-satellite-6.14:python-ansible-builder-0:1.2.0-1.el8pc.src",
"8Base-satellite-6.14:python-async-timeout-0:4.0.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-django-0:3.2.22-1.el8pc.src",
"8Base-satellite-6.14:python-flake8-0:5.0.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-galaxy-importer-0:0.4.18-2.el8pc.src",
"8Base-satellite-6.14:python-jinja2-0:3.1.3-0.1.el8pc.src",
"8Base-satellite-6.14:python-mccabe-0:0.7.0-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.12-1.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.22-2.el8pc.src",
"8Base-satellite-6.14:python-pycodestyle-0:2.9.1-0.1.el8pc.src",
"8Base-satellite-6.14:python-pyflakes-0:2.5.0-0.1.el8pc.src",
"8Base-satellite-6.14:python39-ansible-builder-0:1.2.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-async-timeout-0:4.0.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-django-0:3.2.22-1.el8pc.noarch",
"8Base-satellite-6.14:python39-flake8-0:5.0.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-galaxy-importer-0:0.4.18-2.el8pc.noarch",
"8Base-satellite-6.14:python39-jinja2-0:3.1.3-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-mccabe-0:0.7.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.12-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.22-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pycodestyle-0:2.9.1-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pyflakes-0:2.5.0-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_theme_satellite-0:12.0.0.8-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_virt_who_configure-0:0.5.19-1.el8sat.src",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-hammer_cli_katello-0:1.9.1.3-1.el8sat.src",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.23-1.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:0.0.0.1-1.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23829"
},
{
"category": "external",
"summary": "RHBZ#2261909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23829"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"
}
],
"release_date": "2024-01-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T13:22:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python-aiohttp-0:3.9.2-0.1.el8pc.src",
"8Base-satellite-6.14:python-aiohttp-debugsource-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-0:3.9.2-0.1.el8pc.x86_64",
"8Base-satellite-6.14:python39-aiohttp-debuginfo-0:3.9.2-0.1.el8pc.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-aiohttp: http request smuggling"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.