RHSA-2024:3781
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
CVSS Metrics
- v3.1 • HIGH • Score: 8.1 • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•automation-controller-venv-tower
< 0:4.5.7-1.el8ap | < 0:4.5.7-1.el9ap
- redhat•automation-hub
< 0:4.9.2-1.el8ap | < 0:4.9.2-1.el9ap
- redhat•python-aiohttp
< 0:3.9.5-1.el9ap
- redhat•python-aiohttp-debugsource
< 0:3.9.5-1.el9ap
- redhat•python-black
< 0:22.8.0-2.el9ap
- redhat•python-cryptography
< 0:42.0.5-1.el9ap
- redhat•python-cryptography-debugsource
< 0:42.0.5-1.el9ap
- redhat•python-galaxy-ng
< 0:4.9.2-1.el9ap
- redhat•python-gunicorn
< 0:22.0.0-1.el9ap
- redhat•python-idna
< 0:3.7-1.el9ap
- redhat•python-jinja2
< 0:3.1.4-1.el9ap
- redhat•python-pillow
< 0:10.3.0-1.el9ap
- redhat•python-pillow-debugsource
< 0:10.3.0-1.el9ap
- redhat•python-pydantic
< 0:1.10.15-1.el9ap
- redhat•python-requests
< 0:2.32.2-1.el9ap
- redhat•python-social-auth-app-django
< 0:5.4.1-1.el9ap
- redhat•python-sqlparse
< 0:0.5.0-1.el9ap
- redhat•python3-aiohttp
< 0:3.9.5-1.el9ap
- redhat•python3-aiohttp-debuginfo
< 0:3.9.5-1.el9ap
- redhat•python3-black
< 0:22.8.0-2.el9ap
- redhat•python3-cryptography
< 0:42.0.5-1.el9ap
- redhat•python3-cryptography-debuginfo
< 0:42.0.5-1.el9ap
- redhat•python3-galaxy-ng
< 0:4.9.2-1.el9ap
- redhat•python3-gunicorn
< 0:22.0.0-1.el9ap
- redhat•python3-idna
< 0:3.7-1.el9ap
- redhat•python3-jinja2
< 0:3.1.4-1.el9ap
- redhat•python3-pillow
< 0:10.3.0-1.el9ap
- redhat•python3-pillow-debuginfo
< 0:10.3.0-1.el9ap
- redhat•python3-pydantic
< 0:1.10.15-1.el9ap
- redhat•python3-requests
< 0:2.32.2-1.el9ap
- redhat•python3-social-auth-app-django
< 0:5.4.1-1.el9ap
- redhat•python3-sqlparse
< 0:0.5.0-1.el9ap
- redhat•python39-aiohttp
< 0:3.9.5-1.el8ap
- redhat•python39-aiohttp-debuginfo
< 0:3.9.5-1.el8ap
- redhat•python39-black
< 0:22.8.0-2.el8ap
- redhat•python39-cryptography
< 0:42.0.5-1.el8ap
- redhat•python39-cryptography-debuginfo
< 0:42.0.5-1.el8ap
- redhat•python39-galaxy-ng
< 0:4.9.2-1.el8ap
- redhat•python39-gunicorn
< 0:22.0.0-1.el8ap
- redhat•python39-idna
< 0:3.7-1.el8ap
- redhat•python39-jinja2
< 0:3.1.4-1.el8ap
- redhat•python39-pillow
< 0:10.3.0-1.el8ap
- redhat•python39-pillow-debuginfo
< 0:10.3.0-1.el8ap
- redhat•python39-pydantic
< 0:1.10.15-1.el8ap
- redhat•python39-requests
< 0:2.32.2-1.el8ap
- redhat•python39-social-auth-app-django
< 0:5.4.1-1.el8ap
- redhat•python39-sqlparse
< 0:0.5.0-1.el8ap
- redhat•python3x-aiohttp
< 0:3.9.5-1.el8ap
- redhat•python3x-aiohttp-debugsource
< 0:3.9.5-1.el8ap
- redhat•python3x-black
< 0:22.8.0-2.el8ap
Showing first 50 affected entries in server-rendered view.
References (122)
- https://access.redhat.com/errata/RHSA-2024:3781
- https://access.redhat.com/security/updates/classification/#moderate
- https://bugzilla.redhat.com/show_bug.cgi?id=2250765
- https://bugzilla.redhat.com/show_bug.cgi?id=2255331
- https://bugzilla.redhat.com/show_bug.cgi?id=2259479
- https://bugzilla.redhat.com/show_bug.cgi?id=2266045
- https://bugzilla.redhat.com/show_bug.cgi?id=2268017
- https://bugzilla.redhat.com/show_bug.cgi?id=2268019
- https://bugzilla.redhat.com/show_bug.cgi?id=2268273
- https://bugzilla.redhat.com/show_bug.cgi?id=2269576
- https://bugzilla.redhat.com/show_bug.cgi?id=2269617
- https://bugzilla.redhat.com/show_bug.cgi?id=2270236
- https://bugzilla.redhat.com/show_bug.cgi?id=2272563
- https://bugzilla.redhat.com/show_bug.cgi?id=2274779
- https://bugzilla.redhat.com/show_bug.cgi?id=2275106
- https://bugzilla.redhat.com/show_bug.cgi?id=2275280
- https://bugzilla.redhat.com/show_bug.cgi?id=2275989
- https://bugzilla.redhat.com/show_bug.cgi?id=2277035
- https://bugzilla.redhat.com/show_bug.cgi?id=2278038
- https://bugzilla.redhat.com/show_bug.cgi?id=2278710
- https://bugzilla.redhat.com/show_bug.cgi?id=2279476
- https://bugzilla.redhat.com/show_bug.cgi?id=2282114
- https://issues.redhat.com/browse/AAH-3111
- https://issues.redhat.com/browse/AAP-22461
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3781.json
- https://access.redhat.com/security/cve/CVE-2023-5752
- https://www.cve.org/CVERecord?id=CVE-2023-5752
- https://nvd.nist.gov/vuln/detail/CVE-2023-5752
- https://github.com/pypa/pip/pull/12306
- https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
- https://access.redhat.com/security/cve/CVE-2023-45288
- https://www.cve.org/CVERecord?id=CVE-2023-45288
- https://nvd.nist.gov/vuln/detail/CVE-2023-45288
- https://nowotarski.info/http2-continuation-flood/
- https://pkg.go.dev/vuln/GO-2024-2687
- https://www.kb.cert.org/vuls/id/421644
- https://access.redhat.com/security/cve/CVE-2023-45290
- https://www.cve.org/CVERecord?id=CVE-2023-45290
- https://nvd.nist.gov/vuln/detail/CVE-2023-45290
- http://www.openwall.com/lists/oss-security/2024/03/08/4
- https://go.dev/cl/569341
- https://go.dev/issue/65383
- https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
- https://pkg.go.dev/vuln/GO-2024-2599
- https://security.netapp.com/advisory/ntap-20240329-0004
- https://access.redhat.com/security/cve/CVE-2023-49083
- https://www.cve.org/CVERecord?id=CVE-2023-49083
- https://nvd.nist.gov/vuln/detail/CVE-2023-49083
- https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
- https://github.com/pyca/cryptography/pull/9926
- https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
- https://access.redhat.com/security/cve/CVE-2023-50447
- https://www.cve.org/CVERecord?id=CVE-2023-50447
- https://nvd.nist.gov/vuln/detail/CVE-2023-50447
- http://www.openwall.com/lists/oss-security/2024/01/20/1
- https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
- https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
- https://github.com/python-pillow/Pillow/releases
- https://access.redhat.com/security/cve/CVE-2024-1135
- https://www.cve.org/CVERecord?id=CVE-2024-1135
- https://nvd.nist.gov/vuln/detail/CVE-2024-1135
- https://github.com/advisories/GHSA-w3h3-4rj7-4ph4
- https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d
- https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
- https://access.redhat.com/security/cve/CVE-2024-3651
- https://www.cve.org/CVERecord?id=CVE-2024-3651
- https://nvd.nist.gov/vuln/detail/CVE-2024-3651
- https://access.redhat.com/security/cve/CVE-2024-3772
- https://www.cve.org/CVERecord?id=CVE-2024-3772
- https://nvd.nist.gov/vuln/detail/CVE-2024-3772
- https://access.redhat.com/security/cve/CVE-2024-4340
- https://www.cve.org/CVERecord?id=CVE-2024-4340
- https://nvd.nist.gov/vuln/detail/CVE-2024-4340
- https://github.com/advisories/GHSA-2m57-hf25-phgg
- https://access.redhat.com/security/cve/CVE-2024-21503
- https://www.cve.org/CVERecord?id=CVE-2024-21503
- https://nvd.nist.gov/vuln/detail/CVE-2024-21503
- https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8
- https://github.com/psf/black/releases/tag/24.3.0
- https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273
- https://access.redhat.com/security/cve/CVE-2024-24783
- https://www.cve.org/CVERecord?id=CVE-2024-24783
- https://nvd.nist.gov/vuln/detail/CVE-2024-24783
- https://github.com/advisories/GHSA-3q2c-pvp5-3cqp
- https://go.dev/cl/569339
- https://go.dev/issue/65390
- https://pkg.go.dev/vuln/GO-2024-2598
- https://security.netapp.com/advisory/ntap-20240329-0005
- https://access.redhat.com/security/cve/CVE-2024-26130
- https://www.cve.org/CVERecord?id=CVE-2024-26130
- https://nvd.nist.gov/vuln/detail/CVE-2024-26130
- https://access.redhat.com/security/cve/CVE-2024-27306
- https://www.cve.org/CVERecord?id=CVE-2024-27306
- https://nvd.nist.gov/vuln/detail/CVE-2024-27306
- https://access.redhat.com/security/cve/CVE-2024-27351
- https://www.cve.org/CVERecord?id=CVE-2024-27351
- https://nvd.nist.gov/vuln/detail/CVE-2024-27351
- https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
- https://access.redhat.com/security/cve/CVE-2024-28219
- https://www.cve.org/CVERecord?id=CVE-2024-28219
- https://nvd.nist.gov/vuln/detail/CVE-2024-28219
- https://access.redhat.com/security/cve/CVE-2024-28849
- https://www.cve.org/CVERecord?id=CVE-2024-28849
- https://nvd.nist.gov/vuln/detail/CVE-2024-28849
- https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
- https://access.redhat.com/security/cve/CVE-2024-30251
- https://www.cve.org/CVERecord?id=CVE-2024-30251
- https://nvd.nist.gov/vuln/detail/CVE-2024-30251
- https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
- https://www.openwall.com/lists/oss-security/2024/05/02/4
- https://access.redhat.com/security/cve/CVE-2024-32879
- https://www.cve.org/CVERecord?id=CVE-2024-32879
- https://nvd.nist.gov/vuln/detail/CVE-2024-32879
- https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
- https://access.redhat.com/security/cve/CVE-2024-34064
- https://www.cve.org/CVERecord?id=CVE-2024-34064
- https://nvd.nist.gov/vuln/detail/CVE-2024-34064
- https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
- https://access.redhat.com/security/cve/CVE-2024-35195
- https://www.cve.org/CVERecord?id=CVE-2024-35195
- https://nvd.nist.gov/vuln/detail/CVE-2024-35195
- https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56