Search for packages
| purl | pkg:rpm/redhat/automation-controller@4.5.12-1?arch=el8ap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-562c-1hjs-hqau
Aliases: CVE-2024-41810 GHSA-cf56-g6w6-pqq2 PYSEC-2024-75 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1. | There are no reported fixed by versions. |
|
VCID-5tkp-pxz9-h7c2
Aliases: CVE-2024-37891 GHSA-34jh-p97f-mpxf |
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. ## Affected usages We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: * Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. * Not disabling HTTP redirects. * Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. ## Remediation * Using the `Proxy-Authorization` header with urllib3's `ProxyManager`. * Disabling HTTP redirects using `redirects=False` when sending requests. * Not using the `Proxy-Authorization` header. | There are no reported fixed by versions. |
|
VCID-exen-v4sg-mudc
Aliases: CVE-2024-21520 GHSA-gw84-84pc-xp82 |
Cross-site Scripting in djangorestframework Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:46:49.143518+00:00 | RedHat Importer | Affected by | VCID-5tkp-pxz9-h7c2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json | 38.0.0 |
| 2026-04-01T13:46:35.916348+00:00 | RedHat Importer | Affected by | VCID-exen-v4sg-mudc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21520.json | 38.0.0 |
| 2026-04-01T13:45:58.402612+00:00 | RedHat Importer | Affected by | VCID-562c-1hjs-hqau | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json | 38.0.0 |