Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Red Hat Ansible Automation Platform 2. 5 has multiple security vulnerabilities including a denial-of-service through data corruption in gRPC-C++ (CVE-2024-11407), potential SQL injection on Oracle (CVE-2024-53908), denial-of-service in Django's strip_tags function (CVE-2024-53907), request smuggling in aiohttp (CVE-2024-52304), and mishandling of non-integer values in nanoid (CVE-2024-55565). Red Hat has released an important security advisory with updates and fixes addressing these issues in version 2. 5. The advisory includes various bug fixes and enhancements across the platform components. The vulnerabilities affect multiple architectures and versions of Red Hat Ansible Automation Platform 2. 5 for RHEL 8 and 9. The vendor advisory confirms that updates are available to remediate these vulnerabilities.
AI Analysis
Technical Summary
Red Hat Ansible Automation Platform 2.5 for RHEL 8 and 9 contains several security vulnerabilities: CVE-2024-11407 describes a denial-of-service via data corruption in gRPC-C++; CVE-2024-53908 is a potential SQL injection vulnerability in the automation-controller's HasKey function on Oracle databases; CVE-2024-53907 involves a potential denial-of-service in Django's strip_tags function; CVE-2024-52304 concerns a request smuggling vulnerability in aiohttp due to incorrect parsing of chunk extensions; and CVE-2024-55565 relates to nanoid mishandling non-integer values. Red Hat has issued an important security advisory (RHSA-2025:0340) providing updates and fixes, including automation-controller updated to version 4.6.6 and updates to dependent components such as aiohttp. The advisory details multiple bug fixes and enhancements alongside the security patches. These updates address the identified vulnerabilities and improve platform stability and security.
Potential Impact
The vulnerabilities collectively could allow denial-of-service conditions, potential SQL injection attacks on Oracle databases, and HTTP request smuggling, which may lead to unauthorized request handling. The denial-of-service vulnerabilities could disrupt automation workflows. The SQL injection vulnerability could allow attackers to manipulate database queries if exploited. The request smuggling vulnerability in aiohttp could enable attackers to bypass security controls or interfere with HTTP request processing. These issues affect Red Hat Ansible Automation Platform 2.5 installations on RHEL 8 and 9 across multiple CPU architectures. No known exploits in the wild have been reported at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated packages for Ansible Automation Platform 2.5 that address these vulnerabilities, including automation-controller version 4.6.6 and updated dependencies such as aiohttp 3.10.11. Users should apply these official updates promptly to remediate the security issues. The advisory (RHSA-2025:0340) provides detailed information on affected packages and versions. Since this is not a cloud service, remediation requires applying the vendor-provided patches. No additional mitigation steps are indicated beyond applying the updates.
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Description
Red Hat Ansible Automation Platform 2. 5 has multiple security vulnerabilities including a denial-of-service through data corruption in gRPC-C++ (CVE-2024-11407), potential SQL injection on Oracle (CVE-2024-53908), denial-of-service in Django's strip_tags function (CVE-2024-53907), request smuggling in aiohttp (CVE-2024-52304), and mishandling of non-integer values in nanoid (CVE-2024-55565). Red Hat has released an important security advisory with updates and fixes addressing these issues in version 2. 5. The advisory includes various bug fixes and enhancements across the platform components. The vulnerabilities affect multiple architectures and versions of Red Hat Ansible Automation Platform 2. 5 for RHEL 8 and 9. The vendor advisory confirms that updates are available to remediate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Ansible Automation Platform 2.5 for RHEL 8 and 9 contains several security vulnerabilities: CVE-2024-11407 describes a denial-of-service via data corruption in gRPC-C++; CVE-2024-53908 is a potential SQL injection vulnerability in the automation-controller's HasKey function on Oracle databases; CVE-2024-53907 involves a potential denial-of-service in Django's strip_tags function; CVE-2024-52304 concerns a request smuggling vulnerability in aiohttp due to incorrect parsing of chunk extensions; and CVE-2024-55565 relates to nanoid mishandling non-integer values. Red Hat has issued an important security advisory (RHSA-2025:0340) providing updates and fixes, including automation-controller updated to version 4.6.6 and updates to dependent components such as aiohttp. The advisory details multiple bug fixes and enhancements alongside the security patches. These updates address the identified vulnerabilities and improve platform stability and security.
Potential Impact
The vulnerabilities collectively could allow denial-of-service conditions, potential SQL injection attacks on Oracle databases, and HTTP request smuggling, which may lead to unauthorized request handling. The denial-of-service vulnerabilities could disrupt automation workflows. The SQL injection vulnerability could allow attackers to manipulate database queries if exploited. The request smuggling vulnerability in aiohttp could enable attackers to bypass security controls or interfere with HTTP request processing. These issues affect Red Hat Ansible Automation Platform 2.5 installations on RHEL 8 and 9 across multiple CPU architectures. No known exploits in the wild have been reported at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated packages for Ansible Automation Platform 2.5 that address these vulnerabilities, including automation-controller version 4.6.6 and updated dependencies such as aiohttp 3.10.11. Users should apply these official updates promptly to remediate the security issues. The advisory (RHSA-2025:0340) provides detailed information on affected packages and versions. Since this is not a cloud service, remediation requires applying the vendor-provided patches. No additional mitigation steps are indicated beyond applying the updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:0340
- Cve Count
- 5
- Additional Cves
- ["CVE-2024-52304","CVE-2024-53907","CVE-2024-53908","CVE-2024-55565"]
- Cvss Version
- null
Threat ID: 6a1f4e9ee29bf47b50086ed5
Added to database: 6/2/2026, 9:43:58 PM
Last enriched: 6/2/2026, 10:24:49 PM
Last updated: 6/3/2026, 4:58:16 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.