In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory.

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

    Security fixes:
    * python-pygments: ReDoS in pygments (CVE-2022-40896)
    * python-pycryptodomex: Side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex     (CVE-2023-52323)
    * satellite: Arithmetic overflow in satellite (CVE-2023-4320)
    * automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
    * jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
    * python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)
    * rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)
    * jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
    * python-django: Potential denial of service vulnerability in `django.utils.encoding.uri_to_iri()`     (CVE-2023-41164)
    * python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
    * python-aiohttp: Numerous issues in HTTP parser with header parsing (CVE-2023-47627)
    * python-aiohttp: HTTP request modification (CVE-2023-49081)
    * python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)
    * rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647)
    * rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong user     (CVE-2024-22047)
    * python-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter     (CVE-2024-22195)
    * python-aiohttp: Follow_symlinks directory traversal vulnerability (CVE-2024-23334)
    * python-aiohttp: HTTP request smuggling (CVE-2024-23829)

    Additional Changes:
    This update also fixes several bugs and adds various enhancements.

    Documentation for these changes is available from the Release Notes document linked to in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6158 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):

    *  automation-controller: Django: Denial-of-service possibility in django.utils.text.Truncator     (CVE-2023-43665)

    * python3-urllib3/python39-urllib3: Cookie request header isn't stripped during cross-origin redirects     (CVE-2023-43804)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes for automation controller:
    * automation-controller has been updated to 4.4.7
    * Cleaned up SOS report passwords (AAP-17544)
    * Customers using the infra.controller_configuration collection (which uses ansible.controller     collection) to update their Ansible Automation Platform environment no longer receive an HTTP 499 response     (AAP-17422)

    Additional changes:
    * python3-urllib3/python39-urllib3 has been updated to 1.26.18

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5758 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):
    * ansible-core: malicious role archive can cause ansible-galaxy to overwrite arbitrary files     (CVE-2023-5115)
    * automation-controller: Django: Potential denial of service vulnerability in     django.utils.encoding.uri_to_iri() (CVE-2023-41164)
    * python3-django/python39-django: Denial-of-service possibility in django.utils.text.Truncator     (CVE-2023-43665)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional changes:
    * ansible-core has been updated to 2.15.5
    * automation-controller has been updated to 4.4.6
    * python3-django/python39-django has been updated to 3.2.22
    * automation controller: Added a new subscription usage page to the controller UI to view historical usage     of licenses (AAP-16983)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1536 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.
    Security Fix(es):

    * automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
    * python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
    * python-aiohttp: http request smuggling (CVE-2024-23829)
    * python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
    * python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
    * python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
    * python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter     (CVE-2024-22195)

    Bug Fix(es):
    2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE     and CVs.
    2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello     content     2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint     rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq     2266140 - wrong links to provisioning guide in CR help     2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when     updating the hypervisors     2266144 - Promoting a composite content view to environment with registry name as <%=     lifecycle_environment.label %>/<%= repository.name %> on Red Hat Satellite 6 fails with 'undefined     method '#label' for NilClass::Jail (NilClass)'     2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate     2266146 - katello:reimport fails with TypeError: no implicit conversion of String into Integer when     there are product contents to move     2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique     constraint katello_available_module_streams_name_stream_context     2266148 - Adding a CV to a CCV lists CV versions disorderly     2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step     2266413 - [RFE] Add content view window and Update version window should display content view version,     description and publishing date     2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the     Login page or on the Dashboard page.
    2266141 - wrong link to scap content documentation     Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-84fbbbb914 advisory.

    Security fixes for

    - CVE-2024-27351 Potential regular expression DOS in `django.utils.text.Truncator.words()`
    - CVE-2024-24680 denial-of-service in ``intcomma`` template filter
    - CVE-2023-43665 Denial-of-service possibility in django.utils.text.Truncator
    - CVE-2023-41164 Potential DOS vulnerability in `django.utils.encoding.uri_to_iri()`
    - CVE-2023-36053 Potential regular expression denial of service vulnerability in     EmailValidator/URLValidator





Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1878 advisory.

    Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant     framework that enables you to manage repositories and content. It also enables     cloud providers to deliver content and updates to Red Hat Enterprise Linux     (RHEL) instances.

    Security Fix(es):

    * python-django: Potential regular expression denial of service vulnerability in     EmailValidator/URLValidator (CVE-2023-36053)

    * python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)

    * python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``     (CVE-2023-41164)

    * python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)

    * python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)

    * aiohttp: HTTP request modification (CVE-2023-49081)

    * python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)

    * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)

    * aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)

    * python-ecdsa: vulnerable to the Minerva attack (CVE-2024-23342)

    * python-aiohttp: http request smuggling (CVE-2024-23829)

    * Django: denial-of-service in ``intcomma`` template filter (CVE-2024-24680)

    * python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()     (CVE-2024-27351)

    * aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)

    This RHUI update fixes the following bugs:

    * The rhui-installer failed on RHEL 8.10 Beta due to the use of distutils. This has been addressed by     updating to a newer version of ansible-collection-community-crypto which does not use the distutils.

    This RHUI update introduces the following enhancements:

    * A native Ansible module is now used to update the packages on the RHUA server when the RHUI installer is     run for the first time or rerun at any time. This update can be prevented by using the --ignore-newer-     rhel-packages flag on the rhui-installer command line.

    * PulpCore has been updated to version 3.39.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0390-1 advisory.

  - In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator     chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service)     attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods     are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also     vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. (CVE-2023-43665)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0389-1 advisory.

  - In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator     chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service)     attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods     are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also     vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. (CVE-2023-43665)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a67af7d8f4 advisory.

    Security fix for CVE-2023-41164 and CVE-2023-43665




Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-9d36d373f1 advisory.

    Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0310-1 advisory.

  - Denial-of-service possibility in django.utils.text.Truncator [fedora-all] (CVE-2023-43665)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-cc023fabb7 advisory.

    Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6414-2 advisory.

    USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update     provides the corresponding update for Ubuntu 18.04 LTS.



Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f254817-6318-11ee-b2ff-080027de9982 advisory.

  - Django reports: CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator.
    (CVE-2023-43665)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6414-1 advisory.

    Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A     remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of     service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
199805	RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)	Nessus	Red Hat Local Security Checks	high
194399	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:6158)	Nessus	Red Hat Local Security Checks	critical
194369	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5758)	Nessus	Red Hat Local Security Checks	medium
194355	RHEL 8 : Satellite 6.14.3 Async Security Update (Moderate) (RHSA-2024:1536)	Nessus	Red Hat Local Security Checks	high
193650	Fedora 38 : python-django3 (2024-84fbbbb914)	Nessus	Fedora Local Security Checks	high
193467	RHEL 8 : RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements (Moderate) (RHSA-2024:1878)	Nessus	Red Hat Local Security Checks	high
186583	openSUSE 15 Security Update : python-Django1 (openSUSE-SU-2023:0390-1)	Nessus	SuSE Local Security Checks	high
186582	openSUSE 15 Security Update : python-Django1 (openSUSE-SU-2023:0389-1)	Nessus	SuSE Local Security Checks	high
185323	Fedora 39 : python-django (2023-a67af7d8f4)	Nessus	Fedora Local Security Checks	high
183683	Fedora 37 : python-asgiref / python-django (2023-9d36d373f1)	Nessus	Fedora Local Security Checks	high
183676	openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0310-1)	Nessus	SuSE Local Security Checks	high
183095	Fedora 38 : python-asgiref / python-django (2023-cc023fabb7)	Nessus	Fedora Local Security Checks	high
182577	Ubuntu 18.04 ESM : Django vulnerabilities (USN-6414-2)	Nessus	Ubuntu Local Security Checks	high
182574	FreeBSD : Django -- multiple vulnerabilities (4f254817-6318-11ee-b2ff-080027de9982)	Nessus	FreeBSD Local Security Checks	high
182529	Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Django vulnerability (USN-6414-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2023-43665

high

Tenable Plugins

high

critical

medium

high

high

high

high

high

high

high

high

high

high

high

high