Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Red Hat Ansible Automation Platform 2. 5 has multiple security vulnerabilities including sandbox breakout issues in Jinja templating (CVE-2024-56201, CVE-2024-56326) and potential denial-of-service vulnerabilities in Django components (CVE-2024-53907, CVE-2024-56374). These vulnerabilities affect the automation-controller and related Python packages. Red Hat has released updates addressing these issues in automation-controller 4. 6. 7, python3. 11-django 4. 2. 18, and python3. 11-jinja2 3.
AI Analysis
Technical Summary
This advisory covers multiple vulnerabilities in Red Hat Ansible Automation Platform 2.5, notably sandbox breakout vulnerabilities in Jinja2 templating engine through indirect references and malicious filenames (CVE-2024-56326, CVE-2024-56201), and denial-of-service vulnerabilities in Django's IPv6 validation and html.strip_tags() functions (CVE-2024-56374, CVE-2024-53907). These issues could allow attackers to escape sandbox restrictions or cause denial of service. Red Hat has addressed these vulnerabilities by updating automation-controller to version 4.6.7, python3.11-django to 4.2.18, and python3.11-jinja2 to 3.1.5. The advisory also includes various bug fixes and improvements to the platform components.
Potential Impact
The vulnerabilities allow for sandbox breakout in Jinja2, potentially enabling execution of unauthorized code or template injection attacks. The denial-of-service issues in Django components could allow attackers to disrupt service availability through malformed IPv6 inputs or HTML processing. These impacts affect the security and stability of the Ansible Automation Platform, potentially compromising automation workflows and system reliability.
Mitigation Recommendations
Red Hat has released official fixes for these vulnerabilities in updated packages: automation-controller 4.6.7, python3.11-django 4.2.18, and python3.11-jinja2 3.1.5. Users should apply these updates promptly to remediate the security issues. The advisory provides updated installer packages and RPMs for affected versions. No additional mitigation steps are indicated beyond applying the official patches.
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Description
Red Hat Ansible Automation Platform 2. 5 has multiple security vulnerabilities including sandbox breakout issues in Jinja templating (CVE-2024-56201, CVE-2024-56326) and potential denial-of-service vulnerabilities in Django components (CVE-2024-53907, CVE-2024-56374). These vulnerabilities affect the automation-controller and related Python packages. Red Hat has released updates addressing these issues in automation-controller 4. 6. 7, python3. 11-django 4. 2. 18, and python3. 11-jinja2 3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers multiple vulnerabilities in Red Hat Ansible Automation Platform 2.5, notably sandbox breakout vulnerabilities in Jinja2 templating engine through indirect references and malicious filenames (CVE-2024-56326, CVE-2024-56201), and denial-of-service vulnerabilities in Django's IPv6 validation and html.strip_tags() functions (CVE-2024-56374, CVE-2024-53907). These issues could allow attackers to escape sandbox restrictions or cause denial of service. Red Hat has addressed these vulnerabilities by updating automation-controller to version 4.6.7, python3.11-django to 4.2.18, and python3.11-jinja2 to 3.1.5. The advisory also includes various bug fixes and improvements to the platform components.
Potential Impact
The vulnerabilities allow for sandbox breakout in Jinja2, potentially enabling execution of unauthorized code or template injection attacks. The denial-of-service issues in Django components could allow attackers to disrupt service availability through malformed IPv6 inputs or HTML processing. These impacts affect the security and stability of the Ansible Automation Platform, potentially compromising automation workflows and system reliability.
Mitigation Recommendations
Red Hat has released official fixes for these vulnerabilities in updated packages: automation-controller 4.6.7, python3.11-django 4.2.18, and python3.11-jinja2 3.1.5. Users should apply these updates promptly to remediate the security issues. The advisory provides updated installer packages and RPMs for affected versions. No additional mitigation steps are indicated beyond applying the official patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:0777
- Cve Count
- 4
- Additional Cves
- ["CVE-2024-56201","CVE-2024-56326","CVE-2024-56374"]
- Cvss Version
- null
Threat ID: 6a1f4e8fe29bf47b50085bfa
Added to database: 6/2/2026, 9:43:43 PM
Last enriched: 6/2/2026, 10:21:21 PM
Last updated: 6/3/2026, 5:04:11 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.