Red Hat Security Advisory: ACS 4.6 enhancement and security update
Red Hat Advanced Cluster Security (RHACS) 4. 6 includes multiple security fixes addressing vulnerabilities such as Regular Expression Denial of Service (ReDoS) in micromatch (CVE-2024-4067) and nodejs-async (CVE-2024-39249), as well as issues in golang components handling ZIP files (CVE-2024-24789) and IPv4-mapped IPv6 address methods (CVE-2024-24790). These vulnerabilities have been fixed in the RHACS 4. 6 release, which also introduces new features and enhancements. The advisory recommends upgrading to version 4. 6 to remediate these issues. No known exploits in the wild have been reported. The severity of these combined issues is assessed as medium.
AI Analysis
Technical Summary
The RHACS 4.6 release addresses four security vulnerabilities: CVE-2024-4067 and CVE-2024-39249 are Regular Expression Denial of Service (ReDoS) vulnerabilities in the micromatch and nodejs-async libraries, respectively. CVE-2024-24789 concerns incorrect handling of certain ZIP files in the golang archive/zip package, and CVE-2024-24790 involves unexpected behavior in golang net/netip Is methods for IPv4-mapped IPv6 addresses. These issues could potentially lead to denial of service or unexpected behavior in affected components. The advisory provides updated container images and software packages that fix these vulnerabilities. Users of earlier RHACS versions are advised to upgrade to 4.6 to apply these fixes.
Potential Impact
The vulnerabilities fixed in RHACS 4.6 primarily involve denial of service risks due to Regular Expression Denial of Service (ReDoS) and incorrect handling of input data that could cause unexpected behavior. There are no reports of active exploitation in the wild. The impact is considered moderate, affecting availability and potentially reliability of the affected components within RHACS deployments.
Mitigation Recommendations
Red Hat advises users running earlier versions of RHACS to upgrade to version 4.6, which contains fixes for the identified vulnerabilities. No additional mitigation steps are indicated beyond applying the official update. Since this is not a cloud service, remediation depends on user action to deploy the updated RHACS 4.6 release.
Red Hat Security Advisory: ACS 4.6 enhancement and security update
Description
Red Hat Advanced Cluster Security (RHACS) 4. 6 includes multiple security fixes addressing vulnerabilities such as Regular Expression Denial of Service (ReDoS) in micromatch (CVE-2024-4067) and nodejs-async (CVE-2024-39249), as well as issues in golang components handling ZIP files (CVE-2024-24789) and IPv4-mapped IPv6 address methods (CVE-2024-24790). These vulnerabilities have been fixed in the RHACS 4. 6 release, which also introduces new features and enhancements. The advisory recommends upgrading to version 4. 6 to remediate these issues. No known exploits in the wild have been reported. The severity of these combined issues is assessed as medium.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The RHACS 4.6 release addresses four security vulnerabilities: CVE-2024-4067 and CVE-2024-39249 are Regular Expression Denial of Service (ReDoS) vulnerabilities in the micromatch and nodejs-async libraries, respectively. CVE-2024-24789 concerns incorrect handling of certain ZIP files in the golang archive/zip package, and CVE-2024-24790 involves unexpected behavior in golang net/netip Is methods for IPv4-mapped IPv6 addresses. These issues could potentially lead to denial of service or unexpected behavior in affected components. The advisory provides updated container images and software packages that fix these vulnerabilities. Users of earlier RHACS versions are advised to upgrade to 4.6 to apply these fixes.
Potential Impact
The vulnerabilities fixed in RHACS 4.6 primarily involve denial of service risks due to Regular Expression Denial of Service (ReDoS) and incorrect handling of input data that could cause unexpected behavior. There are no reports of active exploitation in the wild. The impact is considered moderate, affecting availability and potentially reliability of the affected components within RHACS deployments.
Mitigation Recommendations
Red Hat advises users running earlier versions of RHACS to upgrade to version 4.6, which contains fixes for the identified vulnerabilities. No additional mitigation steps are indicated beyond applying the official update. Since this is not a cloud service, remediation depends on user action to deploy the updated RHACS 4.6 release.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:10775
- Cve Count
- 4
- Additional Cves
- ["CVE-2024-24789","CVE-2024-24790","CVE-2024-39249"]
- Cvss Version
- null
Threat ID: 6a1df669e29bf47b50462127
Added to database: 6/1/2026, 9:15:21 PM
Last enriched: 6/1/2026, 9:23:54 PM
Last updated: 6/2/2026, 4:59:42 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.