Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0781
HistoryMar 09, 2021 - 3:08 p.m.

(RHSA-2021:0781) Moderate: Red Hat Ansible Automation Platform 1.2.2 security and bug fix update

2021-03-0915:08:01
access.redhat.com
47

0.01 Low

EPSS

Percentile

83.4%

JSON

Red Hat Ansible Automation Platform integrates Red Hat’s automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, Automation Hub and use-case specific capabilities for Microsoft Windows, network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness.

This update fixes various bugs and adds enhancements. Documentation for
these changes is available from the Release Notes document linked to in the
References section.

Security Fix(es):

  • node-notifier: nodejs-node-notifier: command injection due to the options params not being sanitised when being passed an array (CVE-2020-7789)
  • nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
  • django: Potential directory-traversal via archive.extract() (CVE-2021-3281)
  • python-pygments: infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchpython3-bleach-allowlist< 1.0.3-1.el7pcpython3-bleach-allowlist-1.0.3-1.el7pc.noarch.rpm
RedHat8noarchpython3-galaxy-ng< 4.2.2-1.el8pcpython3-galaxy-ng-4.2.2-1.el8pc.noarch.rpm
RedHat7noarchpython3-django< 2.2.18-1.el7pcpython3-django-2.2.18-1.el7pc.noarch.rpm
RedHat7noarchpython3-galaxy-ng< 4.2.2-1.el7pcpython3-galaxy-ng-4.2.2-1.el7pc.noarch.rpm
RedHat8noarchpython3-galaxy-importer< 0.2.15-1.el8pcpython3-galaxy-importer-0.2.15-1.el8pc.noarch.rpm
RedHat7noarchautomation-hub< 4.2.2-1.el7pcautomation-hub-4.2.2-1.el7pc.noarch.rpm
RedHat8noarchautomation-hub< 4.2.2-1.el8pcautomation-hub-4.2.2-1.el8pc.noarch.rpm
RedHat8noarchpython3-bleach< 3.3.0-1.el8pcpython3-bleach-3.3.0-1.el8pc.noarch.rpm
RedHat7noarchpython3-bleach< 3.3.0-1.el7pcpython3-bleach-3.3.0-1.el7pc.noarch.rpm
RedHat8noarchpython3-bleach-allowlist< 1.0.3-1.el8pcpython3-bleach-allowlist-1.0.3-1.el8pc.noarch.rpm
Rows per page:
1-10 of 141

Related

nessus 43
osv 31
openvas 37
almalinux 2
oraclelinux 2
rocky 2
freebsd 1
redhat 2
ubuntu 4
veracode 4
cve 6
redhatcve 5
debian 7
prion 6
ubuntucve 5
github 6
nvd 4
cvelist 6
mageia 2
ibm 2
alpinelinux 3
debiancve 4
suse 4
cbl_mariner 4
fedora 3
amazon 2
githubexploit 1
archlinux 1
nessus
nessus
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)
2024-04-28 00:00:00
EulerOS 2.0 SP9 : python-pygments (EulerOS-SA-2021-2054)
2021-07-01 00:00:00
EulerOS 2.0 SP2 : python-pygments (EulerOS-SA-2021-2441)
2021-09-14 00:00:00
osv
osv
pygments vulnerabilities
2023-08-14 10:38:30
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
openvas
openvas
Ubuntu: Security Advisory (USN-4897-2)
2023-08-14 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-1887)
2021-05-19 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2441)
2021-09-15 00:00:00
almalinux
almalinux
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
oraclelinux
oraclelinux
python36:3.6 security and bug fix update
2021-11-16 00:00:00
resource-agents security update
2021-11-19 00:00:00
rocky
rocky
python36:3.6 security and bug fix update
2021-11-09 08:24:37
resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
freebsd
freebsd
py-pygments -- multiple DoS vulnerabilities
2021-03-17 00:00:00
redhat
redhat
(RHSA-2021:4139) Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
(RHSA-2021:4150) Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
ubuntu
ubuntu
Pygments vulnerabilities
2023-08-14 00:00:00
Pygments vulnerability
2021-03-30 00:00:00
Pygments vulnerability
2021-03-22 00:00:00
veracode
veracode
Command Injection
2020-12-14 06:36:16
Prototype Pollution
2020-07-16 05:46:25
Denial Of Service (DoS)
2021-02-02 01:30:48
cve
cve
CVE-2020-7789
2020-12-11 10:15:12
CVE-2021-23980
2023-02-16 22:15:10
CVE-2020-15366
2020-07-15 20:15:13
redhatcve
redhatcve
CVE-2020-7789
2020-12-11 14:56:51
CVE-2021-23980
2021-03-30 16:04:58
CVE-2020-15366
2020-07-16 20:09:07
debian
debian
[SECURITY] [DLA 2620-1] python-bleach security update
2021-04-06 12:22:09
[SECURITY] [DSA 4892-1] python-bleach security update
2021-04-18 14:41:59
[SECURITY] [DSA 4892-1] python-bleach security update
2021-04-18 14:41:59
prion
prion
Design/Logic Flaw
2023-02-16 22:15:00
Design/Logic Flaw
2020-12-11 10:15:00
Code injection
2020-07-15 20:15:00
ubuntucve
ubuntucve
CVE-2021-23980
2023-02-16 00:00:00
CVE-2020-15366
2020-07-15 00:00:00
CVE-2021-27291
2021-03-17 00:00:00
github
github
Cross-site scripting in Bleach
2021-02-02 17:58:40
OS Command Injection in node-notifier
2020-12-21 16:04:07
Prototype Pollution in Ajv
2022-02-10 23:30:59
nvd
nvd
CVE-2020-7789
2020-12-11 10:15:12
CVE-2021-23980
2023-02-16 22:15:10
CVE-2020-15366
2020-07-15 20:15:13
cvelist
cvelist
CVE-2021-23980
2023-02-16 00:00:00
CVE-2020-7789 Command Injection
2020-12-11 00:00:00
CVE-2020-15366
2020-07-15 19:14:07
mageia
mageia
Updated python-bleach packages fix a security vulnerability
2021-06-16 23:22:25
Updated python-pygments packages fix a security vulnerability
2021-06-14 00:32:39
ibm
ibm
Security Bulletin: CVE-2020-15366 An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2.
2021-06-04 21:41:54
Security Bulletin: Watson AI Gateway for Cloud Pak for Data is vulnerable to an Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system (CVE-2020-15366)
2023-06-30 18:37:14
alpinelinux
alpinelinux
CVE-2021-23980
2023-02-16 22:15:10
CVE-2021-20270
2021-03-23 17:15:13
CVE-2021-3281
2021-02-02 07:15:14
debiancve
debiancve
CVE-2021-23980
2023-02-16 22:15:10
CVE-2020-15366
2020-07-15 20:15:13
CVE-2021-27291
2021-03-17 13:15:15
suse
suse
Security update for python-Pygments (important)
2021-10-31 00:00:00
Security update for python-Pygments (important)
2021-12-03 00:00:00
Security update for python-Pygments (important)
2021-12-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20270 affecting package python-pygments 2.4.2-6
2021-04-06 23:50:13
CVE-2021-20270 affecting package python-pygments for versions less than 2.4.2-7
2022-04-09 06:51:44
CVE-2021-27291 affecting package python-pygments 2.4.2-6
2021-04-06 23:50:13
fedora
fedora
[SECURITY] Fedora 32 Update: python-pygments-2.4.2-9.fc32
2021-05-06 00:58:53
[SECURITY] Fedora 33 Update: python-django-3.0.12-1.fc33
2021-02-13 01:40:25
[SECURITY] Fedora 33 Update: python-pygments-2.6.1-6.fc33
2021-05-06 00:53:56
amazon
amazon
Medium: python-pygments
2023-08-03 18:10:00
Medium: python3-pygments
2023-07-05 22:01:00
githubexploit
githubexploit
Exploit for Path Traversal in Djangoproject Django
2021-07-05 08:25:26
archlinux
archlinux
[ASA-202102-18] python-django: directory traversal
2021-02-07 00:00:00

0.01 Low

EPSS

Percentile

83.4%

JSON
Related for RHSA-2021:0781
nessus43osv31openvas37almalinux2oraclelinux2rocky2freebsd1redhat2ubuntu4veracode4cve6redhatcve5debian7prion6ubuntucve5github6nvd4cvelist6mageia2ibm2alpinelinux3debiancve4suse4cbl_mariner4fedora3amazon2githubexploit1archlinux1