VulnerableCode Package Details - pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.0.1-1?arch=el7sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.0.1-1?arch=el7sat

Essentials
History (14)

purl	pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.0.1-1?arch=el7sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (14)

Vulnerability	Summary	Fixed by
VCID-2g54-3acq-pbha Aliases: CVE-2020-10716	rubygem-foreman_ansible: "User input" entry from Job Invocation may contain sensitive data	There are no reported fixed by versions.
VCID-3af2-c1m7-3kdr Aliases: CVE-2019-10198	foreman: authorization bypasses in foreman-tasks leading to information disclosure	There are no reported fixed by versions.
VCID-3t8t-yt9b-1fce Aliases: CVE-2016-10516 GHSA-h2fp-xgx6-xh6f PYSEC-2017-43	Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.	There are no reported fixed by versions.
VCID-6fxc-s6ht-x7ht Aliases: CVE-2016-10745 GHSA-hj2j-77xm-mc5v PYSEC-2019-220	In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.	There are no reported fixed by versions.
VCID-6wxf-ewtr-z3hb Aliases: CVE-2019-10906 GHSA-462w-v97r-4m45 PYSEC-2019-217	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.	There are no reported fixed by versions.
VCID-9wej-f7zx-pfeq Aliases: CVE-2019-12086 GHSA-5ww9-j83m-q7qx	Information exposure in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.	There are no reported fixed by versions.
VCID-bhq3-j6aj-1yae Aliases: CVE-2019-10086 GHSA-6phf-73q6-gh87	Insecure Deserialization in Apache Commons Beanutils In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.	There are no reported fixed by versions.
VCID-bsbd-bsbq-7qdk Aliases: CVE-2019-14825 GHSA-m4wh-848j-9w2r	Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.	There are no reported fixed by versions.
VCID-hmcs-7s53-mbft Aliases: CVE-2019-3893	foreman: Recover of plaintext password or token for the compute resources	There are no reported fixed by versions.
VCID-mv26-fzn6-vycf Aliases: CVE-2017-17718 GHSA-m7p8-9w66-9frm	No validation of hostname certificate Net-ldap does not validate the hostname certificate. Ruby is relying on OpenSSL, and one common mistake made by users of OpenSSL is to assume that OpenSSL will validate the hostname in the server's certificate. did not perform hostname validation. and up contain support for hostname validation, but they still require the user to call a few functions to set it up.	There are no reported fixed by versions.
VCID-nmya-eyxd-9ybe Aliases: CVE-2018-1000632 GHSA-6pcc-3rfx-4gpm	dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.	There are no reported fixed by versions.
VCID-sw69-1r7d-kkht Aliases: CVE-2018-16470 GHSA-hg78-4f6x-99wq	Uncontrolled Resource Consumption There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.	There are no reported fixed by versions.
VCID-z6er-42pm-7ubq Aliases: CVE-2019-0231 GHSA-5h29-qq92-wj7f	Cleartext Transmission of Sensitive Information in Apache MINA Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.	There are no reported fixed by versions.
VCID-zx5n-czhy-6qgu Aliases: CVE-2019-12387 GHSA-6cc5-2vg4-cc7m PYSEC-2019-128	In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:38:11.291721+00:00	RedHat Importer	Affected by	VCID-mv26-fzn6-vycf	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17718.json	38.0.0
2026-04-01T14:32:45.677862+00:00	RedHat Importer	Affected by	VCID-6fxc-s6ht-x7ht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json	38.0.0
2026-04-01T14:27:19.602672+00:00	RedHat Importer	Affected by	VCID-3t8t-yt9b-1fce	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json	38.0.0
2026-04-01T14:23:38.757934+00:00	RedHat Importer	Affected by	VCID-nmya-eyxd-9ybe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json	38.0.0
2026-04-01T14:21:39.569532+00:00	RedHat Importer	Affected by	VCID-sw69-1r7d-kkht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json	38.0.0
2026-04-01T14:20:33.162045+00:00	RedHat Importer	Affected by	VCID-6wxf-ewtr-z3hb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json	38.0.0
2026-04-01T14:20:26.632976+00:00	RedHat Importer	Affected by	VCID-hmcs-7s53-mbft	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3893.json	38.0.0
2026-04-01T14:20:04.728549+00:00	RedHat Importer	Affected by	VCID-z6er-42pm-7ubq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0231.json	38.0.0
2026-04-01T14:19:38.281987+00:00	RedHat Importer	Affected by	VCID-9wej-f7zx-pfeq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12086.json	38.0.0
2026-04-01T14:18:59.723083+00:00	RedHat Importer	Affected by	VCID-zx5n-czhy-6qgu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json	38.0.0
2026-04-01T14:18:21.240916+00:00	RedHat Importer	Affected by	VCID-3af2-c1m7-3kdr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10198.json	38.0.0
2026-04-01T14:17:57.573543+00:00	RedHat Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json	38.0.0
2026-04-01T14:17:05.332338+00:00	RedHat Importer	Affected by	VCID-bhq3-j6aj-1yae	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10086.json	38.0.0
2026-04-01T14:08:41.474120+00:00	RedHat Importer	Affected by	VCID-2g54-3acq-pbha	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10716.json	38.0.0