Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/pulp@2.18.1.1-1?arch=el7sat
purl pkg:rpm/redhat/pulp@2.18.1.1-1?arch=el7sat
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-ftzy-9uny-byfb
Aliases:
CVE-2018-16887
GHSA-mhhc-r88h-2qrm
Cross-site Scripting A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before `3.9.0` are vulnerable. There are no reported fixed by versions.
VCID-m29v-624x-kkha
Aliases:
CVE-2019-3891
candlepin: credentials exposure through log files There are no reported fixed by versions.
VCID-pyr1-73vu-93ej
Aliases:
CVE-2018-14664
foreman: Persisted XSS on all pages that use breadcrumbs There are no reported fixed by versions.
VCID-rnuk-n3a6-cbh9
Aliases:
CVE-2018-16861
foreman: stored XSS in success notification after entity creation There are no reported fixed by versions.
VCID-wbgc-tuj3-47by
Aliases:
CVE-2016-6346
GHSA-wxvr-vqfp-9cqw
Uncontrolled Resource Consumption RESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors. There are no reported fixed by versions.
VCID-wucb-ckae-97aq
Aliases:
CVE-2018-10917
GHSA-574p-6fw4-4hw8
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:35:21.272536+00:00 RedHat Importer Affected by VCID-wbgc-tuj3-47by https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json 38.0.0
2026-04-01T14:22:42.709455+00:00 RedHat Importer Affected by VCID-wucb-ckae-97aq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10917.json 38.0.0
2026-04-01T14:22:32.602364+00:00 RedHat Importer Affected by VCID-rnuk-n3a6-cbh9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16861.json 38.0.0
2026-04-01T14:22:11.536529+00:00 RedHat Importer Affected by VCID-pyr1-73vu-93ej https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14664.json 38.0.0
2026-04-01T14:22:06.574204+00:00 RedHat Importer Affected by VCID-ftzy-9uny-byfb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json 38.0.0
2026-04-01T14:20:15.632814+00:00 RedHat Importer Affected by VCID-m29v-624x-kkha https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3891.json 38.0.0