VulnerableCode Package Details - pkg:gem/katello@4.0.0.rc3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/katello@4.0.0.rc3

Essentials
History (1)

purl	pkg:gem/katello@4.0.0.rc3

Next non-vulnerable version	4.19.1
Latest non-vulnerable version	4.19.1
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-zqkc-zwfa-1qfx Aliases: CVE-2026-4324 GHSA-fwj4-6wgp-mpxm	Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.	4.19.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-19T18:06:58.932916+00:00	GitLab Importer	Affected by	VCID-zqkc-zwfa-1qfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2026-4324.yml	38.4.0