wid-sec-w-2024-0949
Vulnerability from csaf_certbund
Published
2024-04-23 22:00
Modified
2024-11-19 23:00
Summary
Red Hat Satellite: Multiple Vulnerabilities
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description
Red Hat Satellite serves as a central point for managing and distributing updates in networks with Red Hat Enterprise Linux systems.
Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.
Attack
An attacker can exploit multiple vulnerabilities in Red Hat Satellite to bypass security measures, cause a denial-of-service condition, disclose confidential information, manipulate files, carry out HTTP request smuggling attacks, or conduct phishing and cross-site scripting (XSS) attacks.
Affected operating systems
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0949 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0949.json" }, { "category": "self", "summary": "WID-SEC-2024-0949 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0949" }, { "category": "external", "summary": "Red Hat Security Advisory vom 
2024-04-23", "url": "https://access.redhat.com/errata/RHSA-2024:2010" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-9E55564CA7 vom 2024-09-26", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9e55564ca7" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2024-BC19D8CC99 vom 2024-11-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-bc19d8cc99" } ], "source_lang": "en-US", "title": "Red Hat Satellite: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-19T23:00:00.000+00:00", "generator": { "date": "2024-11-20T09:28:43.346+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-0949", "initial_release_date": "2024-04-23T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-23T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-09-25T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-11-19T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Fedora aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "T034361", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c6.15.0", "product": { "name": "Red Hat Satellite \u003c6.15.0", "product_id": "T034380" } }, { "category": "product_version", "name": "6.15.0", "product": { "name": "Red Hat Satellite 6.15.0", "product_id": "T034380-fixed", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:6.15.0" } } } ], "category": "product_name", "name": "Satellite" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-40896", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2022-40896" }, { "cve": "CVE-2023-36479", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. 
Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-36479" }, { "cve": "CVE-2023-37276", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-37276" }, { "cve": "CVE-2023-38037", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-38037" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." 
} ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-41164", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-41164" }, { "cve": "CVE-2023-4320", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. 
Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-4320" }, { "cve": "CVE-2023-43665", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-43665" }, { "cve": "CVE-2023-47627", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. 
Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-47627" }, { "cve": "CVE-2023-49081", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-49081" }, { "cve": "CVE-2023-49082", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-49082" }, { "cve": "CVE-2023-5189", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." 
} ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-5189" }, { "cve": "CVE-2023-52323", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2023-52323" }, { "cve": "CVE-2024-21647", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. 
Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2024-21647" }, { "cve": "CVE-2024-22047", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2024-22047" }, { "cve": "CVE-2024-22195", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. 
Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2024-22195" }, { "cve": "CVE-2024-23334", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2024-23334" }, { "cve": "CVE-2024-23829", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat Satellite. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie Pygments, Ansible oder Jetty, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem regul\u00e4ren Ausdruck, einem arithmetischen \u00dcberlauf oder einem unkontrollierten Ressourcenverbrauch. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "product_status": { "known_affected": [ "T034380", "T034361", "74185" ] }, "release_date": "2024-04-23T22:00:00.000+00:00", "title": "CVE-2024-23829" } ] }
CVE-2023-4320 (GCVE-0-2023-4320)
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2025-04-09 21:12
CWE
- CWE-613 - Insufficient Session Expiration
Summary
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Red Hat | Red Hat Satellite 6.15 for RHEL 8 | Unaffected: 0:3.9.1.6-1.el8sat < * | cpe:/a:redhat:satellite_capsule:6.15::el8, cpe:/a:redhat:satellite_utils:6.15::el8, cpe:/a:redhat:satellite_maintenance:6.15::el8, cpe:/a:redhat:satellite:6.15::el8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:24:04.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2010" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4320" }, { "name": "RHBZ#2231814", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231814" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_maintenance:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8" ], "defaultStatus": "affected", "packageName": "foreman", "product": "Red Hat Satellite 6.15 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.9.1.6-1.el8sat", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_maintenance:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8" ], "defaultStatus": "affected", "packageName": "foreman", "product": "Red Hat Satellite 6.15 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.9.1.6-1.el8sat", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_maintenance:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8" ], "defaultStatus": 
"affected", "packageName": "foreman", "product": "Red Hat Satellite 6.15 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.9.1.6-1.el8sat", "versionType": "rpm" } ] } ], "datePublic": "2023-08-14T09:03:00.000Z", "descriptions": [ { "lang": "en", "value": "An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system\u0027s integrity." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T21:12:04.863Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2010" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4320" }, { "name": "RHBZ#2231814", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231814" } ], "timeline": [ { "lang": "en", "time": "2023-08-14T00:00:00+00:00", "value": "Reported to Red Hat." 
}, { "lang": "en", "time": "2023-08-14T09:03:00+00:00", "value": "Made public." } ], "title": "Satellite: arithmetic overflow in satellite", "x_redhatCweChain": "CWE-613: Insufficient Session Expiration" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4320", "datePublished": "2023-12-18T13:43:07.747Z", "dateReserved": "2023-08-14T08:42:02.181Z", "dateUpdated": "2025-04-09T21:12:04.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40896 (GCVE-0-2022-40896)
Vulnerability from cvelistv5
Published
2023-07-19 00:00
Modified
2024-11-27 14:28
CWE
- n/a
Summary
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/" }, { "tags": [ "x_transferred" ], "url": "https://pypi.org/project/Pygments/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61" }, { "tags": [ "x_transferred" ], "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/" }, { "name": "FEDORA-2024-db87ce2a47", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/" }, { "name": "FEDORA-2024-8eaf80107a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40896", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T14:28:52.133335Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T14:28:58.875Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments 
through 2.15.0 via SmithyLexer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-28T03:06:03.297027", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://pypi.org/project/Pygments/" }, { "url": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61" }, { "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/" }, { "name": "FEDORA-2024-db87ce2a47", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/" }, { "name": "FEDORA-2024-8eaf80107a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40896", "datePublished": "2023-07-19T00:00:00", "dateReserved": "2022-09-19T00:00:00", "dateUpdated": "2024-11-27T14:28:58.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5189 (GCVE-0-2023-5189)
Vulnerability from cvelistv5
Published
2023-11-14 22:57
Modified
2024-12-06 11:10
CWE
- CWE-23 - Relative Path Traversal
Summary
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
References
Impacted products
Vendor | Product | Version
---|---|---
Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | Unaffected: 0:0.4.18-1.el8ap < *; CPEs: cpe:/a:redhat:ansible_automation_platform:2.4::el9, cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8, cpe:/a:redhat:ansible_automation_platform:2.4::el8, cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8, cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9, cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:7773", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7773" }, { "name": "RHSA-2024:1536", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1536" }, { "name": "RHSA-2024:2010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2010" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5189" }, { "name": "RHBZ#2234387", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5189", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T14:15:00.429640Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:16:10.546Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9" ], "defaultStatus": "affected", "packageName": "python3x-galaxy-importer", 
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.4.18-1.el8ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9" ], "defaultStatus": "affected", "packageName": "python-galaxy-importer", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.4.18-1.el9ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8" ], "defaultStatus": "affected", "packageName": "python-galaxy-importer", "product": "Red Hat Satellite 6.14 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.4.18-2.el8pc", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8" ], "defaultStatus": "affected", "packageName": "python-galaxy-importer", "product": "Red Hat Satellite 6.14 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.4.18-2.el8pc", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ 
"cpe:/a:redhat:satellite_maintenance:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8" ], "defaultStatus": "affected", "packageName": "python-galaxy-importer", "product": "Red Hat Satellite 6.15 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.4.19-2.el8pc", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite_maintenance:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8" ], "defaultStatus": "affected", "packageName": "python-galaxy-importer", "product": "Red Hat Satellite 6.15 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.4.19-2.el8pc", "versionType": "rpm" } ] } ], "datePublic": "2023-09-26T05:28:00+00:00", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T11:10:59.899Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:7773", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7773" }, { "name": "RHSA-2024:1536", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1536" }, { "name": "RHSA-2024:2010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2010" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5189" }, { "name": "RHBZ#2234387", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387" } ], "timeline": [ { "lang": "en", "time": "2023-08-23T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-26T05:28:00+00:00", "value": "Made public." 
} ], "title": "Hub: insecure galaxy-importer tarfile extraction", "x_redhatCweChain": "CWE-23: Relative Path Traversal" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5189", "datePublished": "2023-11-14T22:57:00.584Z", "dateReserved": "2023-09-26T05:27:24.004Z", "dateUpdated": "2024-12-06T11:10:59.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-49081 (GCVE-0-2023-49081)
Vulnerability from cvelistv5
Published
2023-11-30 06:56
Modified
2024-08-02 21:46
CWE
- CWE-20 - Improper Input Validation
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:28.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2" }, { "name": "https://github.com/aio-libs/aiohttp/pull/7835/files", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/pull/7835/files" }, { "name": "https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b" }, { "name": "https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "aiohttp", "vendor": "aio-libs", "versions": [ { "status": "affected", "version": "\u003c 3.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-29T14:10:37.384Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2" }, { "name": "https://github.com/aio-libs/aiohttp/pull/7835/files", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/pull/7835/files" }, { "name": "https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b" }, { "name": "https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e", "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e" } ], "source": { "advisory": "GHSA-q3qx-c6g2-7pw2", "discovery": "UNKNOWN" }, "title": "aiohttp\u0027s ClientSession is vulnerable to CRLF injection via version" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49081", "datePublished": "2023-11-30T06:56:26.348Z", "dateReserved": "2023-11-21T18:57:30.428Z", "dateUpdated": "2024-08-02T21:46:28.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47627 (GCVE-0-2023-47627)
Vulnerability from cvelistv5
Published
2023-11-14 20:48
Modified
2025-02-13 17:18
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:42.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg" }, { "name": "https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47627", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-10T19:22:18.504293Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T17:02:19.713Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "aiohttp", "vendor": "aio-libs", "versions": [ { "status": "affected", "version": "\u003c 3.8.6" } ] } ], "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. 
The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:06:04.991Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg" }, { "name": "https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/" }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/" } ], "source": { "advisory": "GHSA-gfw2-4jvh-wgfg", "discovery": "UNKNOWN" }, "title": "Request smuggling in aiohttp" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-47627", "datePublished": "2023-11-14T20:48:48.076Z", "dateReserved": "2023-11-07T16:57:49.244Z", "dateUpdated": "2025-02-13T17:18:04.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-52323 (GCVE-0-2023-52323)
Vulnerability from cvelistv5
Published
2024-01-05 00:00
Modified
2025-06-03 14:41
CWE
- n/a
Summary
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst" }, { "tags": [ "x_transferred" ], "url": "https://pypi.org/project/pycryptodomex/#history" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52323", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T17:36:55.525786Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-03T14:41:53.536Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-05T03:24:28.019Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst" }, { "url": "https://pypi.org/project/pycryptodomex/#history" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-52323", "datePublished": "2024-01-05T00:00:00.000Z", "dateReserved": "2024-01-05T00:00:00.000Z", "dateUpdated": "2025-06-03T14:41:53.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23334 (GCVE-0-2024-23334)
Vulnerability from cvelistv5
Published
2024-01-29 22:41
Modified
2025-05-30 19:33
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:59:32.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f" }, { "name": "https://github.com/aio-libs/aiohttp/pull/8079", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/pull/8079" }, { "name": "https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-23334", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-30T19:29:24.076502Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-30T19:33:07.763Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "aiohttp", "vendor": "aio-libs", "versions": [ { "status": "affected", "version": "\u003c 3.9.2" } ] } ], "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. 
When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option \u0027follow_symlinks\u0027 can be used to determine whether to follow symbolic links outside the static root directory. When \u0027follow_symlinks\u0027 is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-09T03:06:24.340Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f" }, { "name": "https://github.com/aio-libs/aiohttp/pull/8079", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/pull/8079" }, { "name": "https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/" } ], "source": { "advisory": "GHSA-5h86-8mv2-jq9f", "discovery": "UNKNOWN" }, "title": "aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23334", "datePublished": "2024-01-29T22:41:39.584Z", "dateReserved": "2024-01-15T15:19:19.443Z", "dateUpdated": "2025-05-30T19:33:07.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40167 (GCVE-0-2023-40167)
Vulnerability from cvelistv5
Published
2023-09-15 19:37
Modified
2025-02-13 17:03
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Summary
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
References
Impacted products
Vendor | Product | Version
---|---|---
eclipse | jetty.project | >= 9.0.0, <= 9.4.51; >= 10.0.0, <= 10.0.15; >= 11.0.0, <= 11.0.15; = 12.0.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6" }, { "name": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5507" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40167", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T18:49:57.977850Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T18:50:08.203Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "jetty.project", "vendor": "eclipse", "versions": [ { "status": "affected", "version": "\u003e= 9.0.0, \u003c= 9.4.51" }, { "status": "affected", "version": "\u003e= 10.0.0, \u003c= 10.0.15" }, { "status": "affected", "version": "\u003e= 11.0.0, \u003c= 11.0.15" }, { "status": "affected", "version": "= 12.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. 
This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-130", "description": "CWE-130: Improper Handling of Length Parameter Inconsistency", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T14:06:19.236Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6" }, { "name": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6", "tags": [ "x_refsource_MISC" ], "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6" }, { "url": "https://www.debian.org/security/2023/dsa-5507" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ], "source": { "advisory": "GHSA-hmr7-m48g-48f6", "discovery": "UNKNOWN" }, "title": "Jetty accepts \"+\" prefixed value in Content-Length" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40167", 
"datePublished": "2023-09-15T19:37:37.530Z", "dateReserved": "2023-08-09T15:26:41.051Z", "dateUpdated": "2025-02-13T17:03:25.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37276 (GCVE-0-2023-37276)
Vulnerability from cvelistv5
Published
2023-07-19 19:39
Modified
2024-10-18 17:14
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available, which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (i.e. `aiohttp.Application`); you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (i.e. `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values, leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w" }, { "name": "https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40" }, { "name": "https://hackerone.com/reports/2001873", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/2001873" }, { "name": "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:aio-libs_project:aiohttp:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aiohttp", "vendor": "aio-libs_project", "versions": [ { "lessThan": "3.8.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37276", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-18T16:05:51.434153Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T17:14:03.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "aiohttp", "vendor": "aio-libs", "versions": [ { "status": "affected", "version": "\u003c 3.8.5" } ] } ], "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server 
framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn\u0027t vulnerable." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-19T19:39:19.240Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w" }, { "name": "https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40" }, { "name": "https://hackerone.com/reports/2001873", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/2001873" }, { "name": "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules" } ], "source": { "advisory": "GHSA-45c4-8wx5-qw6w", "discovery": "UNKNOWN" }, "title": "aiohttp vulnerable to HTTP request smuggling" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37276", "datePublished": "2023-07-19T19:39:19.240Z", "dateReserved": "2023-06-29T19:35:26.440Z", "dateUpdated": "2024-10-18T17:14:03.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-41164 (GCVE-0-2023-41164)
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-08-02 18:54
CWE
- n/a
Summary
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:03.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "tags": [ "x_transferred" ], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "tags": [ "x_transferred" ], "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" }, { "name": "FEDORA-2023-a67af7d8f4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231214-0002/" }, { "name": "FEDORA-2024-84fbbbb914", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-20T03:06:02.315105", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" }, { "name": "FEDORA-2023-a67af7d8f4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/" }, { "url": "https://security.netapp.com/advisory/ntap-20231214-0002/" }, { "name": "FEDORA-2024-84fbbbb914", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41164", "datePublished": "2023-11-03T00:00:00", "dateReserved": "2023-08-24T00:00:00", "dateUpdated": "2024-08-02T18:54:03.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23829 (GCVE-0-2024-23829)
Vulnerability from cvelistv5
Published
2024-01-29 22:41
Modified
2025-02-13 17:39
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2" }, { "name": "https://github.com/aio-libs/aiohttp/pull/8074", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/pull/8074" }, { "name": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-23829", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-01T16:40:08.863740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T21:29:17.223Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "aiohttp", "vendor": "aio-libs", "versions": [ { "status": "affected", "version": "\u003c 3.9.2" } ] } ], "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. 
Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-09T03:06:26.337Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2" }, { "name": "https://github.com/aio-libs/aiohttp/pull/8074", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/pull/8074" }, { "name": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/" } ], "source": { "advisory": "GHSA-8qpw-xqxj-h4r2", "discovery": "UNKNOWN" }, "title": "aiohttp\u0027s HTTP parser (the python one, not llhttp) still overly lenient about separators" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23829", "datePublished": "2024-01-29T22:41:35.032Z", "dateReserved": "2024-01-22T22:23:54.338Z", "dateUpdated": "2025-02-13T17:39:53.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43665 (GCVE-0-2023-43665)
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-08-02 19:44
CWE
- n/a
Summary
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "tags": [ "x_transferred" ], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "tags": [ "x_transferred" ], "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" }, { "name": "FEDORA-2023-a67af7d8f4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231221-0001/" }, { "name": "FEDORA-2024-84fbbbb914", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/" }, { "name": "[oss-security] 20240304 Django: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/04/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. 
NOTE: this issue exists because of an incomplete fix for CVE-2019-14232." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T17:09:51.000328", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" }, { "name": "FEDORA-2023-a67af7d8f4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/" }, { "url": "https://security.netapp.com/advisory/ntap-20231221-0001/" }, { "name": "FEDORA-2024-84fbbbb914", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/" }, { "name": "[oss-security] 20240304 Django: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/04/1" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-43665", "datePublished": "2023-11-03T00:00:00", "dateReserved": "2023-09-20T00:00:00", "dateUpdated": "2024-08-02T19:44:43.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38037 (GCVE-0-2023-38037)
Vulnerability from cvelistv5
Published
2025-01-09 00:33
Modified
2025-02-15 00:10
Summary
ActiveSupport::EncryptedFile writes contents that will be encrypted to a
temporary file. The temporary file's permissions are defaulted to the user's
current `umask` settings, meaning that it's possible for other users on the
same system to read the contents of the temporary file.
Attackers that have access to the file system could possibly read the contents
of this temporary file while a user is editing it.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Impacted products
Vendor | Product | Version
---|---|---
Rails | ActiveSupport | Version: >= 5.2.0 < >= 5.2.0; Patch: 7.0.7.1, 6.1.7.5 < 7.0.7.1, 6.1.7.5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-38037", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-09T21:35:42.283546Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-09T21:36:28.951Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-02-15T00:10:27.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250214-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ActiveSupport", "vendor": "Rails", "versions": [ { "lessThan": "\u003e= 5.2.0", "status": "affected", "version": "\u003e= 5.2.0", "versionType": "custom" }, { "lessThan": "5.2.0", "status": "unaffected", "version": "5.2.0", "versionType": "semver" }, { "lessThan": "7.0.7.1, 6.1.7.5", "status": "unaffected", "version": "7.0.7.1, 6.1.7.5", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "ActiveSupport::EncryptedFile writes contents that will be encrypted to a\r\ntemporary file. The temporary file\u0027s permissions are defaulted to the user\u0027s\r\ncurrent `umask` settings, meaning that it\u0027s possible for other users on the\r\nsame system to read the contents of the temporary file.\r\n\r\nAttackers that have access to the file system could possibly read the contents\r\nof this temporary file while a user is editing it.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "providerMetadata": { "dateUpdated": "2025-01-09T00:33:47.704Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-38037", "datePublished": "2025-01-09T00:33:47.704Z", "dateReserved": "2023-07-12T01:00:11.881Z", "dateUpdated": "2025-02-15T00:10:27.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-49082 (GCVE-0-2023-49082)
Vulnerability from cvelistv5
Published
2023-11-29 20:07
Modified
2024-08-02 21:46
Summary
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:29.121Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx" }, { "name": "https://github.com/aio-libs/aiohttp/pull/7806/files", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/pull/7806/files" }, { "name": "https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466" }, { "name": "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "aiohttp", "vendor": "aio-libs", "versions": [ { "status": "affected", "version": "\u003c 3.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-93", "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-29T14:11:02.945Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx" }, { "name": "https://github.com/aio-libs/aiohttp/pull/7806/files", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/pull/7806/files" }, { "name": "https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466" }, { "name": "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b", "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b" } ], "source": { "advisory": "GHSA-qvrw-v9rv-5rjx", "discovery": "UNKNOWN" }, "title": "aiohttp\u0027s ClientSession is vulnerable to CRLF injection via method" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49082", "datePublished": "2023-11-29T20:07:29.341Z", 
"dateReserved": "2023-11-21T18:57:30.428Z", "dateUpdated": "2024-08-02T21:46:29.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-36479 (GCVE-0-2023-36479)
Vulnerability from cvelistv5
Published
2023-09-15 18:37
Modified
2025-06-18 14:41
CWE
- CWE-149 - Improper Neutralization of Quoting Syntax
Summary
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in versions 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
Impacted products
Vendor | Product | Version
---|---|---
eclipse | jetty.project | Version: >= 9.0.0, <= 9.4.51; Version: >= 10.0.0, <= 10.0.15; Version: >= 11.0.0, <= 11.0.15; Version: <= 12.0.0-beta1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:57.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j" }, { "name": "https://github.com/eclipse/jetty.project/pull/9516", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/pull/9516" }, { "name": "https://github.com/eclipse/jetty.project/pull/9888", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/pull/9888" }, { "name": "https://github.com/eclipse/jetty.project/pull/9889", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/pull/9889" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5507" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36479", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:04:27.724025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-18T14:41:11.113Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "jetty.project", "vendor": "eclipse", "versions": [ { "status": "affected", "version": "\u003e= 9.0.0, \u003c= 9.4.51" }, { "status": "affected", "version": "\u003e= 10.0.0, \u003c= 10.0.15" }, { "status": "affected", "version": "\u003e= 11.0.0, \u003c= 11.0.15" }, { "status": "affected", "version": "\u003c= 
12.0.0-beta1" } ] } ], "descriptions": [ { "lang": "en", "value": "Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-149", "description": "CWE-149: Improper Neutralization of Quoting Syntax", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T14:06:17.561Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j" }, { "name": "https://github.com/eclipse/jetty.project/pull/9516", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/eclipse/jetty.project/pull/9516" }, { "name": "https://github.com/eclipse/jetty.project/pull/9888", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/eclipse/jetty.project/pull/9888" }, { "name": "https://github.com/eclipse/jetty.project/pull/9889", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/eclipse/jetty.project/pull/9889" }, { "url": "https://www.debian.org/security/2023/dsa-5507" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ], "source": { "advisory": "GHSA-3gh6-v5v9-6v9j", "discovery": "UNKNOWN" }, "title": "Jetty vulnerable to errant command quoting in CGI Servlet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36479", "datePublished": "2023-09-15T18:37:35.948Z", "dateReserved": "2023-06-21T18:50:41.704Z", "dateUpdated": "2025-06-18T14:41:11.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21647 (GCVE-0-2024-21647)
Vulnerability from cvelistv5
Published
2024-01-08 13:45
Modified
2025-06-03 14:37
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Summary
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2" }, { "name": "https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-21647", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T15:56:45.519791Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-03T14:37:47.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "puma", "vendor": "puma", "versions": [ { "status": "affected", "version": "\u003c 5.6.8" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. 
This vulnerability has been fixed in versions 6.4.2 and 5.6.8.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T13:45:27.510Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2" }, { "name": "https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93" } ], "source": { "advisory": "GHSA-c2f4-cvqm-65w2", "discovery": "UNKNOWN" }, "title": "HTTP Request/Response Smuggling in puma" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-21647", "datePublished": "2024-01-08T13:45:27.510Z", "dateReserved": "2023-12-29T16:10:20.366Z", "dateUpdated": "2025-06-03T14:37:47.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22195 (GCVE-0-2024-22195)
Vulnerability from cvelistv5
Published
2024-01-11 02:25
Modified
2025-06-17 21:09
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95" }, { "name": "https://github.com/pallets/jinja/releases/tag/3.1.3", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-22195", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-11T19:50:04.135839Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T21:09:16.304Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "jinja", "vendor": "pallets", "versions": [ { "status": "affected", "version": "\u003c 3.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Jinja is an extensible templating engine. 
Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-27T03:06:22.076Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95" }, { "name": "https://github.com/pallets/jinja/releases/tag/3.1.3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/pallets/jinja/releases/tag/3.1.3" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/" }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/" } ], "source": { "advisory": "GHSA-h5c8-rqwp-cp95", "discovery": "UNKNOWN" }, "title": "Jinja vulnerable to Cross-Site Scripting (XSS)" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22195", "datePublished": "2024-01-11T02:25:44.239Z", "dateReserved": "2024-01-08T04:59:27.371Z", "dateUpdated": "2025-06-17T21:09:16.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22047 (GCVE-0-2024-22047)
Vulnerability from cvelistv5
Published
2024-01-04 20:32
Modified
2025-06-03 14:41
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/collectiveidea/audited/issues/601" }, { "tags": [ "related", "x_transferred" ], "url": "https://github.com/collectiveidea/audited/pull/669" }, { "tags": [ "related", "x_transferred" ], "url": "https://github.com/collectiveidea/audited/pull/671" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://github.com/advisories/GHSA-hjp3-5g2q-7jww" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-22047", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T15:57:21.824787Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-03T14:41:59.058Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://rubygems.org", "defaultStatus": "unaffected", "packageName": "audited", "versions": [ { "lessThan": "5.3.3", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.\u003c/p\u003e" } ], "value": "A race condition exists in Audited 4.0.0 to 5.3.3 that can result 
in an authenticated user to cause audit log entries to be attributed to another user.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-04T20:32:02.771Z", "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/collectiveidea/audited/issues/601" }, { "tags": [ "related" ], "url": "https://github.com/collectiveidea/audited/pull/669" }, { "tags": [ "related" ], "url": "https://github.com/collectiveidea/audited/pull/671" }, { "tags": [ "third-party-advisory" ], "url": "https://github.com/advisories/GHSA-hjp3-5g2q-7jww" }, { "tags": [ "third-party-advisory" ], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww" } ], "source": { "discovery": "INTERNAL" }, "title": "Audited Log Integrity Errors Due to Race Condition" } }, "cveMetadata": { "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "assignerShortName": "VulnCheck", "cveId": "CVE-2024-22047", "datePublished": "2024-01-04T20:32:02.771Z", "dateReserved": "2024-01-04T18:44:53.107Z", "dateUpdated": "2025-06-03T14:41:59.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.