VulnerableCode Package Details - pkg:rpm/redhat/automation-controller@4.6.6-1?arch=el8ap

Search for packages

Vulnerability	Summary	Fixed by
VCID-3sac-ah8j-pucd Aliases: BIT-django-2024-53908 CVE-2024-53908 GHSA-m9g8-fxxm-xg86 PYSEC-2024-157	Django SQL injection in HasKey(lhs, rhs) on Oracle An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)	There are no reported fixed by versions.
VCID-6g6x-9wx8-uqa5 Aliases: CVE-2024-11407	grpc: Denial of Service through Data corruption in gRPC-C++	There are no reported fixed by versions.
VCID-wwa5-mhgu-9khz Aliases: CVE-2024-53907 GHSA-8498-2h75-472j	Django denial-of-service in django.utils.html.strip_tags() An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3sac-ah8j-pucd
Aliases:
BIT-django-2024-53908
CVE-2024-53908
GHSA-m9g8-fxxm-xg86
PYSEC-2024-157

Django SQL injection in HasKey(lhs, rhs) on Oracle An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

There are no reported fixed by versions.

VCID-6g6x-9wx8-uqa5
Aliases:
CVE-2024-11407

grpc: Denial of Service through Data corruption in gRPC-C++

There are no reported fixed by versions.

VCID-wwa5-mhgu-9khz
Aliases:
CVE-2024-53907
GHSA-8498-2h75-472j

Django denial-of-service in django.utils.html.strip_tags() An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:43:50.252827+00:00	RedHat Importer	Affected by	VCID-6g6x-9wx8-uqa5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11407.json	38.0.0
2026-04-01T13:43:45.886370+00:00	RedHat Importer	Affected by	VCID-wwa5-mhgu-9khz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json	38.0.0
2026-04-01T13:43:45.800188+00:00	RedHat Importer	Affected by	VCID-3sac-ah8j-pucd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json	38.0.0