
Threats Tagged 'cve-2024-56201'

View all threats tagged with 'cve-2024-56201'. Filter and sort to focus on specific types of threats.


Red Hat Security Advisory: Red Hat Ansible Automation Platform Execution Environments Container Release Update (CVE-2024-52304)

Red Hat Ansible Automation Platform Execution Environments containers have multiple security vulnerabilities affecting the ee-minimal-container image. These include a request smuggling vulnerability in aiohttp due to incorrect parsing of chunk extensions (CVE-2024-52304) and two sandbox breakout vulnerabilities in Jinja templating through malicious filenames (CVE-2024-56201) and indirect references to the format method (CVE-2024-56326). These issues could allow an attacker to bypass security restrictions within the container environment. Red Hat has issued an important security advisory with updated container images addressing these vulnerabilities.

Red Hat Security Advisory: Red Hat Ansible Automation Platform Execution Environments Container Release Update (CVE-2024-52304)

Red Hat Ansible Automation Platform Execution Environments container images contain multiple security vulnerabilities. These include a request smuggling vulnerability in aiohttp due to incorrect parsing of chunk extensions (CVE-2024-52304) and two sandbox breakout vulnerabilities in Jinja templating through malicious filenames (CVE-2024-56201) and indirect reference to the format method (CVE-2024-56326). These issues affect the ee-minimal-container used in the platform. Red Hat has issued an important security advisory (RHSA-2025:1101) addressing these vulnerabilities with updated container images.

Red Hat Security Advisory: fence-agents security update (CVE-2024-56201)

Two high-severity vulnerabilities (CVE-2024-56201 and CVE-2024-56326) affect the fence-agents packages in Red Hat Enterprise Linux 9. These vulnerabilities involve sandbox breakout issues in the Jinja templating engine used by fence-agents, allowing potential escape from sandbox restrictions via indirect references to the format method and malicious filenames. Fence-agents are critical for remote power management in clusters, enabling forced restart and removal of failed or unreachable nodes. Red Hat has issued a security advisory (RHSA-2025:0308) providing updates to address these issues. The advisory covers multiple Red Hat Enterprise Linux 9 variants and related high availability and resilient storage products. Patch status is confirmed as available through this update. No known exploits in the wild have been reported at this time.

Red Hat Security Advisory: fence-agents security update (CVE-2024-56201)

Red Hat has issued a security advisory for the fence-agents packages used in Red Hat Enterprise Linux 9.2 Extended Update Support and related variants. The update addresses two security vulnerabilities in the Jinja2 templating engine (CVE-2024-56201 and CVE-2024-56326) that allow sandbox breakout via malicious filenames or indirect references to the format method. These vulnerabilities could potentially allow an attacker to escape the Jinja2 sandbox, impacting systems that use fence-agents for remote power management in clusters. The advisory rates the update as Important and provides updated packages to remediate the issues.

Red Hat Security Advisory: fence-agents security update (CVE-2024-56201)

This security advisory from Red Hat addresses vulnerabilities in the fence-agents packages used for remote power management in cluster environments. The update fixes two sandbox breakout vulnerabilities in the Jinja2 template engine (CVE-2024-56201 and CVE-2024-56326) that could be triggered via malicious filenames or indirect references to the format method. These vulnerabilities could allow an attacker to escape the Jinja2 sandbox, potentially leading to unauthorized code execution. The affected products include various Red Hat Enterprise Linux 9.4 Extended Update Support and Update Services for SAP Solutions variants. Red Hat has released an important security update to address these issues. No known exploits in the wild have been reported. Users should apply the provided update to mitigate the vulnerabilities.

Red Hat Security Advisory: fence-agents security update (CVE-2024-56201)

Red Hat has issued a security advisory for the fence-agents packages used in Red Hat Enterprise Linux 9.0 and related variants. The update addresses two vulnerabilities in the Jinja2 template engine (CVE-2024-56201 and CVE-2024-56326) that allow sandbox breakout via malicious filenames or indirect references to the format method. These vulnerabilities could potentially allow an attacker to escape the Jinja2 sandbox environment. The advisory rates the security impact as Important and provides updated packages to remediate the issues. No known exploits in the wild have been reported at this time.

Red Hat Security Advisory: OpenShift Container Platform 4.17.14 packages and security update (CVE-2024-56201)

Red Hat OpenShift Container Platform 4.17.14 includes security updates addressing two vulnerabilities in the Jinja2 template engine that allow sandbox breakout via malicious filenames and indirect references to the format method. These vulnerabilities are identified as CVE-2024-56201 and CVE-2024-56326. The update is rated as having an important security impact by Red Hat Product Security. Users of OpenShift Container Platform 4.17 are advised to upgrade to the updated packages and container images available through the official release channels to mitigate these issues.

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (CVE-2024-53908)

Red Hat Ansible Automation Platform 2.4 contains multiple security vulnerabilities including sandbox breakout issues in Jinja templating and a potential SQL injection vulnerability in the HasKey(lhs, rhs) function on Oracle databases. These vulnerabilities affect the automation-controller component and the python3-jinja2 package. Red Hat has released updates addressing these issues in automation-controller version 4.5.17 and python3-jinja2 version 3.1.5. The advisory rates the security impact as Important and provides fixes in the updated packages. No known exploits in the wild have been reported at this time.

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (CVE-2024-53907)

Red Hat Ansible Automation Platform 2.5 has multiple security vulnerabilities including sandbox breakout issues in Jinja templating (CVE-2024-56201, CVE-2024-56326) and potential denial-of-service vulnerabilities in Django components (CVE-2024-53907, CVE-2024-56374). These vulnerabilities affect the automation-controller and related Python packages. Red Hat has released updates addressing these issues in automation-controller 4.6.7, python3.11-django 4.2.18, and python3.11-jinja2 3.

Red Hat Security Advisory: OpenShift Container Platform 4.12.72 packages and security update (CVE-2024-56201)

Red Hat OpenShift Container Platform 4.12.72 includes security updates addressing two vulnerabilities in the Jinja2 template engine that allow sandbox breakout via malicious filenames and indirect references to the format method. These vulnerabilities are identified as CVE-2024-56201 and CVE-2024-56326. The issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.12. Users are advised to upgrade to the updated packages and container images available through the appropriate release channels to mitigate these risks.


Showing 1 to 10 of 20 results
