{ "threat_severity" : "Important", "public_date" : "2025-11-05T15:09:58Z", "bugzilla" : { "description" : "django: Django SQL injection", "id" : "2412651", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2412651" }, "cvss3" : { "cvss3_base_score" : "8.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-89", "details" : [ "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.", "A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get(), and the class Q() were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument." ], "statement" : "The impact of this vulnerability on Red Hat products is limited to the effective user scope of the running process.", "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-installer-0:2.5-20.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-builder-0:3.1.1-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-creator-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-dev-environment-0:25.12.2-1.1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-dev-tools-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-lint-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-navigator-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-runner-0:2.4.2-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-sign-0:0.1.4-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-controller-0:4.6.23-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-controller-fapolicyd-0:1.0-5.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-eda-controller-0:1.1.14-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-gateway-0:2.5.20251210-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-hub-0:4.10.10-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "bindep-0:2.13.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "molecule-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-ansible-compat-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-distlib-0:0.4.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-django-0:4.2.26-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-django-ansible-base-0:2.5.20251210-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-execnet-0:2.1.2-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-galaxy-importer-0:0.4.36-2.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-galaxy-ng-0:4.10.10-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-gunicorn-0:23.0.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pluggy-0:1.6.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pytest-0:9.0.1-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pytest-ansible-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pytest-xdist-0:3.8.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-ruamel-yaml-clib-0:0.2.15-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-subprocess-tee-0:0.4.2-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-tox-ansible-0:25.12.0-1.2.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-typing-extensions-0:4.15.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "receptor-0:1.6.2-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-automation-platform-installer-0:2.5-20.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-builder-0:3.1.1-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-creator-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-dev-environment-0:25.12.2-1.1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-dev-tools-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-lint-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-navigator-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-runner-0:2.4.2-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-sign-0:0.1.4-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-controller-0:4.6.23-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-controller-fapolicyd-0:1.0-5.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-eda-controller-0:1.1.14-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-gateway-0:2.5.20251210-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-hub-0:4.10.10-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "bindep-0:2.13.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "molecule-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-ansible-compat-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-distlib-0:0.4.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-django-0:4.2.26-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-django-ansible-base-0:2.5.20251210-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-execnet-0:2.1.2-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-galaxy-importer-0:0.4.36-2.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-galaxy-ng-0:4.10.10-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-gunicorn-0:23.0.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pluggy-0:1.6.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pytest-0:9.0.1-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pytest-ansible-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pytest-xdist-0:3.8.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-ruamel-yaml-clib-0:0.2.15-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-subprocess-tee-0:0.4.2-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-tox-ansible-0:25.12.0-1.2.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-typing-extensions-0:4.15.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "receptor-0:1.6.2-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23070", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "automation-controller-0:4.7.6-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23070", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "python3.11-django-0:4.2.26-2.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.4", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23130", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package" : "ansible-automation-platform-24/lightspeed-rhel8:sha256:383f1c8185acb57d17cd090bd2febaba53a90c71d163601800ff6dd947be7482" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23131", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-25/lightspeed-rhel8:sha256:1fd9b45b0a57886af214f0eb4caa4980df100c4978447c67cc647ba121b1952f" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23133", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/controller-rhel9:sha256:4c7528d36ee6d44f72f22f4c1b00b0184bf69471ade27b01585421bd088da619" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23133", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/eda-controller-rhel9-operator:sha256:0183a7211f1039a06351bf12bafcaa706f633098bdb17374696f3d6f5ecbe6b5" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23133", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/gateway-rhel9:sha256:3dd1c4268e55f6943c853cf21150093ecd3cd3d38776958471c13f350a53be4f" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23133", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/lightspeed-rhel9:sha256:0a4c7ff9c1657fffbbd358a0a15418e09e5aeb9aa34ee5297c0d6a91cee0f8a9" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-12-15T00:00:00Z", "advisory" : "RHSA-2025:23196", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9:sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-01-29T00:00:00Z", "advisory" : "RHSA-2026:1596", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/hub-rhel9:sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3" } ], "package_state" : [ { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/grafana-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-cni-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-must-gather-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-rhel8-operator", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/pilot-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/proxyv2-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/ratelimit-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-cni-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-must-gather-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-pilot-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-proxyv2-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-sail-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh-tech-preview/istio-ztunnel-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/de-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/de-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/de-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/platform-resource-runner-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Will not fix", "package_name" : "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-25/ansible-dev-tools-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/de-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/de-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/de-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-cloud-services-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/platform-resource-runner-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-26/ansible-dev-tools-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/de-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-26/eda-controller-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/mcp-tools-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/platform-resource-runner-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-tech-preview/automation-dashboard-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Discovery 1", "fix_state" : "Will not fix", "package_name" : "discovery/discovery-server-rhel9", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Discovery 2", "fix_state" : "Affected", "package_name" : "discovery/discovery-server-rhel9", "cpe" : "cpe:/a:redhat:discovery:2::el9" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "rhosp13/openstack-horizon", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Affected", "package_name" : "rhosp13/openstack-horizon-base", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/openstack-horizon", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "rhosp-rhel9/openstack-horizon", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "rhoso/openstack-horizon-rhel9", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-advisor-backend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-64459\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-64459\nhttps://docs.djangoproject.com/en/dev/releases/security/\nhttps://github.com/django/django/commit/c880530ddd4fabd5939bab0e148bebe36699432a\nhttps://groups.google.com/g/django-announce\nhttps://www.djangoproject.com/weblog/2025/nov/05/security-releases/" ], "name" : "CVE-2025-64459", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }