VulnerableCode Package Details - pkg:rpm/redhat/tfm-rubygem-prometheus-client@0.7.1-3?arch=el7sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/tfm-rubygem-prometheus-client@0.7.1-3?arch=el7sat

Essentials
History (15)

purl	pkg:rpm/redhat/tfm-rubygem-prometheus-client@0.7.1-3?arch=el7sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (15)

Vulnerability	Summary	Fixed by
VCID-3af2-c1m7-3kdr Aliases: CVE-2019-10198	foreman: authorization bypasses in foreman-tasks leading to information disclosure	There are no reported fixed by versions.
VCID-3t8t-yt9b-1fce Aliases: CVE-2016-10516 GHSA-h2fp-xgx6-xh6f PYSEC-2017-43	Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.	There are no reported fixed by versions.
VCID-6fxc-s6ht-x7ht Aliases: CVE-2016-10745 GHSA-hj2j-77xm-mc5v PYSEC-2019-220	In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.	There are no reported fixed by versions.
VCID-6wxf-ewtr-z3hb Aliases: CVE-2019-10906 GHSA-462w-v97r-4m45 PYSEC-2019-217	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.	There are no reported fixed by versions.
VCID-bsbd-bsbq-7qdk Aliases: CVE-2019-14825 GHSA-m4wh-848j-9w2r	Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.	There are no reported fixed by versions.
VCID-ftzy-9uny-byfb Aliases: CVE-2018-16887 GHSA-mhhc-r88h-2qrm	Cross-site Scripting A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before `3.9.0` are vulnerable.	There are no reported fixed by versions.
VCID-hmcs-7s53-mbft Aliases: CVE-2019-3893	foreman: Recover of plaintext password or token for the compute resources	There are no reported fixed by versions.
VCID-m29v-624x-kkha Aliases: CVE-2019-3891	candlepin: credentials exposure through log files	There are no reported fixed by versions.
VCID-nmya-eyxd-9ybe Aliases: CVE-2018-1000632 GHSA-6pcc-3rfx-4gpm	dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.	There are no reported fixed by versions.
VCID-pyr1-73vu-93ej Aliases: CVE-2018-14664	foreman: Persisted XSS on all pages that use breadcrumbs	There are no reported fixed by versions.
VCID-rnuk-n3a6-cbh9 Aliases: CVE-2018-16861	foreman: stored XSS in success notification after entity creation	There are no reported fixed by versions.
VCID-sw69-1r7d-kkht Aliases: CVE-2018-16470 GHSA-hg78-4f6x-99wq	Uncontrolled Resource Consumption There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.	There are no reported fixed by versions.
VCID-wbgc-tuj3-47by Aliases: CVE-2016-6346 GHSA-wxvr-vqfp-9cqw	Uncontrolled Resource Consumption RESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors.	There are no reported fixed by versions.
VCID-wucb-ckae-97aq Aliases: CVE-2018-10917 GHSA-574p-6fw4-4hw8	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.	There are no reported fixed by versions.
VCID-zx5n-czhy-6qgu Aliases: CVE-2019-12387 GHSA-6cc5-2vg4-cc7m PYSEC-2019-128	In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:35:20.721041+00:00	RedHat Importer	Affected by	VCID-wbgc-tuj3-47by	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json	38.0.0
2026-04-01T14:32:48.027669+00:00	RedHat Importer	Affected by	VCID-6fxc-s6ht-x7ht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json	38.0.0
2026-04-01T14:27:20.379460+00:00	RedHat Importer	Affected by	VCID-3t8t-yt9b-1fce	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json	38.0.0
2026-04-01T14:23:40.527614+00:00	RedHat Importer	Affected by	VCID-nmya-eyxd-9ybe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json	38.0.0
2026-04-01T14:22:42.122144+00:00	RedHat Importer	Affected by	VCID-wucb-ckae-97aq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10917.json	38.0.0
2026-04-01T14:22:32.079825+00:00	RedHat Importer	Affected by	VCID-rnuk-n3a6-cbh9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16861.json	38.0.0
2026-04-01T14:22:11.002007+00:00	RedHat Importer	Affected by	VCID-pyr1-73vu-93ej	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14664.json	38.0.0
2026-04-01T14:22:06.005040+00:00	RedHat Importer	Affected by	VCID-ftzy-9uny-byfb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json	38.0.0
2026-04-01T14:21:41.048437+00:00	RedHat Importer	Affected by	VCID-sw69-1r7d-kkht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json	38.0.0
2026-04-01T14:20:34.944653+00:00	RedHat Importer	Affected by	VCID-6wxf-ewtr-z3hb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json	38.0.0
2026-04-01T14:20:28.121892+00:00	RedHat Importer	Affected by	VCID-hmcs-7s53-mbft	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3893.json	38.0.0
2026-04-01T14:20:15.080918+00:00	RedHat Importer	Affected by	VCID-m29v-624x-kkha	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3891.json	38.0.0
2026-04-01T14:19:01.274012+00:00	RedHat Importer	Affected by	VCID-zx5n-czhy-6qgu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json	38.0.0
2026-04-01T14:18:22.656471+00:00	RedHat Importer	Affected by	VCID-3af2-c1m7-3kdr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10198.json	38.0.0
2026-04-01T14:17:58.979912+00:00	RedHat Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json	38.0.0