Search for packages
| purl | pkg:gem/katello@3.17.0.rc1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zqkc-zwfa-1qfx
Aliases: CVE-2026-4324 GHSA-fwj4-6wgp-mpxm |
Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6wbv-1r3c-akd3 | Improper Privilege Management A flaw was found in Foreman's katello plugin. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. |
CVE-2017-2662
GHSA-cpv6-pfq6-j2v7 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-19T18:06:58.831033+00:00 | GitLab Importer | Affected by | VCID-zqkc-zwfa-1qfx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2026-4324.yml | 38.4.0 |
| 2026-04-01T16:01:36.347517+00:00 | GHSA Importer | Fixing | VCID-6wbv-1r3c-akd3 | https://github.com/advisories/GHSA-cpv6-pfq6-j2v7 | 38.0.0 |
| 2026-04-01T13:10:52.017358+00:00 | GithubOSV Importer | Fixing | VCID-6wbv-1r3c-akd3 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpv6-pfq6-j2v7/GHSA-cpv6-pfq6-j2v7.json | 38.0.0 |