Issued: 2024-09-03
Updated: 2025-03-25

RHSA-2024:6235 - Red Hat Trusted Profile Analyzer 1.1.2


Synopsis

Red Hat Trusted Profile Analyzer 1.1.2

Type/Severity

Security Advisory: Moderate

Topic

Red Hat Trusted Profile Analyzer 1.1.2 release.

Red Hat Product Security has rated this update as having a security impact of Moderate.

Description

Red Hat Trusted Profile Analyzer 1.1.2

Security Fix(es):

* nodejs-async: Regular expression denial of service while parsing function in autoinject (CVE-2024-39249)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* TC-1730 - CycloneDX SBOM with escape sequence upload failed.

Solution

It is recommended that existing users of RHTPA 1.1.1 upgrade to 1.1.2. This release includes no changes to any data structures or APIs.

Affected Products

Product                                     Version   Arch
Red Hat Trusted Profile Analyzer (RHTPA)    1.1       x86_64

Fixes

CVEs

(none)

References


Additional information