| Field | Value |
|---|---|
| purl | pkg:rpm/redhat/automation-controller@4.6.20-1?arch=el9ap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-896g-hqec-ryb9 (Aliases: BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47) | An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | There are no reported fixed-by versions. |
| VCID-w4pr-k5nj-ckgy (Aliases: CVE-2025-57833, GHSA-6w2r-r2m5-xq5w) | Django is subject to SQL injection through its column aliases. An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases when a suitably crafted dictionary is passed, with dictionary expansion, as the **kwargs to QuerySet.annotate() or QuerySet.alias(). | There are no reported fixed-by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:39:38.009799+00:00 | RedHat Importer | Affected by | VCID-896g-hqec-ryb9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json | 38.0.0 |
| 2026-04-01T13:37:33.579586+00:00 | RedHat Importer | Affected by | VCID-w4pr-k5nj-ckgy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json | 38.0.0 |