VulnerableCode Package Details - pkg:rpm/redhat/automation-controller@4.5.10-1?arch=el8ap

Search for packages

Vulnerability	Summary	Fixed by
VCID-4ct3-hxkg-63gv Aliases: CVE-2024-32879 GHSA-2gr8-3wc7-xhj3	social-auth-app-django affected by Improper Handling of Case Sensitivity ### Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. ### Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1. ### Workarounds An immediate workaround would be to change collation of the affected field: ```mysql ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`; ``` ### References This issue was discovered by folks at https://opencraft.com/.	There are no reported fixed by versions.
VCID-7tph-k8q2-bue2 Aliases: BIT-django-2024-41991 CVE-2024-41991 GHSA-r836-hh6v-rg5g PYSEC-2024-69	An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.	There are no reported fixed by versions.
VCID-m91a-6235-nye9 Aliases: BIT-django-2024-42005 CVE-2024-42005 GHSA-pv4p-cwwg-4rph PYSEC-2024-70	An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.	There are no reported fixed by versions.
VCID-r1qa-ch1y-ufhz Aliases: CVE-2024-6840	automation-controller: Gain access to the k8s API server via job execution with Container Group	There are no reported fixed by versions.
VCID-u3zk-tff2-aua9 Aliases: BIT-django-2024-39614 CVE-2024-39614 GHSA-f6f8-9mx6-9mx2 PYSEC-2024-59	An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.	There are no reported fixed by versions.
VCID-vnjx-j746-z3fn Aliases: CVE-2024-33663 GHSA-6c5p-j8vq-pqhj PYSEC-2024-232	python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.	There are no reported fixed by versions.
VCID-xhpa-mffz-syfy Aliases: BIT-django-2024-41990 CVE-2024-41990 GHSA-795c-9xpc-xw6g PYSEC-2024-68	An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4ct3-hxkg-63gv
Aliases:
CVE-2024-32879
GHSA-2gr8-3wc7-xhj3

social-auth-app-django affected by Improper Handling of Case Sensitivity ### Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. ### Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1. ### Workarounds An immediate workaround would be to change collation of the affected field: ```mysql ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`; ``` ### References This issue was discovered by folks at https://opencraft.com/.