An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 8; Red Hat Ansible Automation Platform 2.4 for RHEL 9. Via RHSA-2025:0722: https://access.redhat.com/errata/RHSA-2025:0722
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.5 for RHEL 9; Red Hat Ansible Automation Platform 2.5 for RHEL 8. Via RHSA-2025:0777: https://access.redhat.com/errata/RHSA-2025:0777
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.5 for RHEL 8; Red Hat Ansible Automation Platform 2.5 for RHEL 9. Via RHSA-2025:0782: https://access.redhat.com/errata/RHSA-2025:0782
This issue has been addressed in the following products: Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9. Via RHSA-2025:2399: https://access.redhat.com/errata/RHSA-2025:2399
Hi, is Red Hat Ansible Automation Hub affected by CVE-2024-56374? A security scanner flagged the following. Path: /usr/lib/python3.9/site-packages/Django-4.2.16-py3.9.egg-info/Django; Installed version: 4.2.16; Fixed version: 4.2.18; RHEL OS: RHEL 8.10; Ansible Automation Platform version: 2.4; Ansible Automation Hub: 4.9.2
Per comment #6 and Red Hat Satellite 6.16 for RHEL 8 via RHSA-2025:2399 (https://access.redhat.com/errata/RHSA-2025:2399): can this be backported for Satellite 6.15 for RHEL 8? What may be the timeline for that to occur?