VulnerableCode Package Details - pkg:gem/katello@4.19.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/katello@4.19.1

Essentials
History (3)

purl	pkg:gem/katello@4.19.1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-zqkc-zwfa-1qfx	Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.	CVE-2026-4324 GHSA-fwj4-6wgp-mpxm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-18T04:14:56.907606+00:00	GitLab Importer	Fixing	VCID-zqkc-zwfa-1qfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2026-4324.yml	38.4.0
2026-04-02T17:01:10.777439+00:00	GHSA Importer	Fixing	VCID-zqkc-zwfa-1qfx	https://github.com/advisories/GHSA-fwj4-6wgp-mpxm	38.1.0
2026-04-01T12:53:49.725031+00:00	GithubOSV Importer	Fixing	VCID-zqkc-zwfa-1qfx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-fwj4-6wgp-mpxm/GHSA-fwj4-6wgp-mpxm.json	38.0.0