Threats Tagged 'cve-2024-56374'

Red Hat Ansible Automation Platform 2. 5 has multiple security vulnerabilities including sandbox breakout issues in Jinja templating (CVE-2024-56201, CVE-2024-56326) and potential denial-of-service vulnerabilities in Django components (CVE-2024-53907, CVE-2024-56374). These vulnerabilities affect the automation-controller and related Python packages. Red Hat has released updates addressing these issues in automation-controller 4. 6. 7, python3. 11-django 4. 2. 18, and python3. 11-jinja2 3.

Red Hat Satellite 6. 16. 3 includes security fixes addressing multiple vulnerabilities: a sandbox breakout in python-jinja2 (CVE-2024-56326) and a potential denial-of-service vulnerability in python-django's IPv6 validation (CVE-2024-56374). These issues could impact system management operations performed by Red Hat Satellite, a solution for provisioning and configuration management. Users are advised to upgrade to the updated packages provided by Red Hat to remediate these vulnerabilities. The update is rated as having a moderate security impact. No known exploits are reported in the wild at this time.

Red Hat Satellite 6. 17. 0 includes security fixes addressing multiple vulnerabilities: a potential denial-of-service in python-django's IPv6 validation (CVE-2024-56374), a sandbox breakout in python-jinja2 via indirect format method reference (CVE-2024-56326), a local file inclusion in rubygem-rack (CVE-2025-27610), and remote code execution in rubygem-graphql when loading crafted GraphQL schemas (CVE-2025-27407). These vulnerabilities affect system management and provisioning functions of Red Hat Satellite 6. 17 for RHEL 9. The update is classified by Red Hat Product Security as having a Moderate security impact overall. No known exploits in the wild have been reported at this time. The advisory recommends applying the new Satellite 6. 17. 0 release after ensuring all previous errata are applied.