Threats Tagged 'cve-2024-4340'

A denial of service vulnerability (CVE-2024-4340) exists in the python-sqlparse component used by Red Hat OpenStack Platform 17.1. The issue occurs when parsing heavily nested lists, which can cause the service to become unavailable. Red Hat has issued a security advisory (RHSA-2024:9986) rating the impact as moderate and providing updated packages to address the vulnerability. No known exploits are reported in the wild. The advisory includes instructions for applying the update to mitigate the issue.

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix(es): * python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers (CVE-2024-1135) * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790) * python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override (CVE-2024-26130) * python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget (CVE-2024-41991) Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.