Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2024-42005: ELSA-2024-12803: Oracle Linux Automation Manager 2.2 (MODERATE) (Multiple Advisories)


Severity: 7
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 08/06/2024
Created: 11/13/2024
Added: 11/11/2024
Modified: 11/28/2024

Description

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key passed as an *arg.

Solution(s)

  • oracle-linux-upgrade-ansible-collection-ansible-posix
  • oracle-linux-upgrade-ansible-collection-community-crypto
  • oracle-linux-upgrade-ansible-collection-community-postgresql
  • oracle-linux-upgrade-ansible-collection-mdellweg-filters
  • oracle-linux-upgrade-ansible-collection-pulp-pulp-installer
  • oracle-linux-upgrade-ansible-role-postgresql
  • oracle-linux-upgrade-dumb-init
  • oracle-linux-upgrade-ol-automation-manager
  • oracle-linux-upgrade-ol-automation-manager-cli
  • oracle-linux-upgrade-ol-private-automation-hub-installer
  • oracle-linux-upgrade-pulpcore-selinux
  • oracle-linux-upgrade-python3-11-aiodns
  • oracle-linux-upgrade-python3-11-aiofiles
  • oracle-linux-upgrade-python3-11-aiohttp
  • oracle-linux-upgrade-python3-11-aiosignal
  • oracle-linux-upgrade-python3-11-ansible-builder
  • oracle-linux-upgrade-python3-11-ansible-compat
  • oracle-linux-upgrade-python3-11-ansible-core
  • oracle-linux-upgrade-python3-11-ansible-lint
  • oracle-linux-upgrade-python3-11-asgiref
  • oracle-linux-upgrade-python3-11-asyncio-throttle
  • oracle-linux-upgrade-python3-11-async-lru
  • oracle-linux-upgrade-python3-11-async-timeout
  • oracle-linux-upgrade-python3-11-attrs
  • oracle-linux-upgrade-python3-11-awscrt
  • oracle-linux-upgrade-python3-11-backoff
  • oracle-linux-upgrade-python3-11-bindep
  • oracle-linux-upgrade-python3-11-black
  • oracle-linux-upgrade-python3-11-bleach
  • oracle-linux-upgrade-python3-11-bleach-allowlist
  • oracle-linux-upgrade-python3-11-boto3
  • oracle-linux-upgrade-python3-11-botocore
  • oracle-linux-upgrade-python3-11-bracex
  • oracle-linux-upgrade-python3-11-brotli
  • oracle-linux-upgrade-python3-11-build
  • oracle-linux-upgrade-python3-11-certifi
  • oracle-linux-upgrade-python3-11-cffi
  • oracle-linux-upgrade-python3-11-charset-normalizer
  • oracle-linux-upgrade-python3-11-click
  • oracle-linux-upgrade-python3-11-colorama
  • oracle-linux-upgrade-python3-11-cryptography
  • oracle-linux-upgrade-python3-11-dateutil
  • oracle-linux-upgrade-python3-11-defusedxml
  • oracle-linux-upgrade-python3-11-deprecated
  • oracle-linux-upgrade-python3-11-diff-match-patch
  • oracle-linux-upgrade-python3-11-distro
  • oracle-linux-upgrade-python3-11-django
  • oracle-linux-upgrade-python3-11-django-auth-ldap
  • oracle-linux-upgrade-python3-11-django-filter
  • oracle-linux-upgrade-python3-11-django-guid
  • oracle-linux-upgrade-python3-11-django-import-export
  • oracle-linux-upgrade-python3-11-django-ipware
  • oracle-linux-upgrade-python3-11-django-lifecycle
  • oracle-linux-upgrade-python3-11-django-picklefield
  • oracle-linux-upgrade-python3-11-django-prometheus
  • oracle-linux-upgrade-python3-11-djangorestframework
  • oracle-linux-upgrade-python3-11-djangorestframework-queryfields
  • oracle-linux-upgrade-python3-11-drf-access-policy
  • oracle-linux-upgrade-python3-11-drf-nested-routers
  • oracle-linux-upgrade-python3-11-drf-spectacular
  • oracle-linux-upgrade-python3-11-dynaconf
  • oracle-linux-upgrade-python3-11-et-xmlfile
  • oracle-linux-upgrade-python3-11-filelock
  • oracle-linux-upgrade-python3-11-flake8
  • oracle-linux-upgrade-python3-11-frozenlist
  • oracle-linux-upgrade-python3-11-future
  • oracle-linux-upgrade-python3-11-galaxy-importer
  • oracle-linux-upgrade-python3-11-galaxy-ng
  • oracle-linux-upgrade-python3-11-gitdb
  • oracle-linux-upgrade-python3-11-gitpython
  • oracle-linux-upgrade-python3-11-gnupg
  • oracle-linux-upgrade-python3-11-googleapis-common-protos
  • oracle-linux-upgrade-python3-11-grpcio
  • oracle-linux-upgrade-python3-11-gunicorn
  • oracle-linux-upgrade-python3-11-idna
  • oracle-linux-upgrade-python3-11-importlib-metadata
  • oracle-linux-upgrade-python3-11-inflection
  • oracle-linux-upgrade-python3-11-insights-analytics-collector
  • oracle-linux-upgrade-python3-11-jinja2
  • oracle-linux-upgrade-python3-11-jmespath
  • oracle-linux-upgrade-python3-11-jsonschema
  • oracle-linux-upgrade-python3-11-ldap
  • oracle-linux-upgrade-python3-11-markdown
  • oracle-linux-upgrade-python3-11-markdown-it-py
  • oracle-linux-upgrade-python3-11-markuppy
  • oracle-linux-upgrade-python3-11-markupsafe
  • oracle-linux-upgrade-python3-11-marshmallow
  • oracle-linux-upgrade-python3-11-mccabe
  • oracle-linux-upgrade-python3-11-mdurl
  • oracle-linux-upgrade-python3-11-multidict
  • oracle-linux-upgrade-python3-11-mypy-extensions
  • oracle-linux-upgrade-python3-11-naya
  • oracle-linux-upgrade-python3-11-oauthlib
  • oracle-linux-upgrade-python3-11-odfpy
  • oracle-linux-upgrade-python311-olamkit
  • oracle-linux-upgrade-python3-11-openpyxl
  • oracle-linux-upgrade-python3-11-opentelemetry-api
  • oracle-linux-upgrade-python3-11-opentelemetry-distro
  • oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp
  • oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-common
  • oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-grpc
  • oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-http
  • oracle-linux-upgrade-python3-11-opentelemetry-instrumentation
  • oracle-linux-upgrade-python3-11-opentelemetry-instrumentation-django
  • oracle-linux-upgrade-python3-11-opentelemetry-instrumentation-wsgi
  • oracle-linux-upgrade-python3-11-opentelemetry-proto
  • oracle-linux-upgrade-python3-11-opentelemetry-sdk
  • oracle-linux-upgrade-python3-11-opentelemetry-semantic-conventions
  • oracle-linux-upgrade-python3-11-opentelemetry-util-http
  • oracle-linux-upgrade-python3-11-packaging
  • oracle-linux-upgrade-python3-11-parsley
  • oracle-linux-upgrade-python3-11-pathspec
  • oracle-linux-upgrade-python3-11-pbr
  • oracle-linux-upgrade-python3-11-pillow
  • oracle-linux-upgrade-python3-11-pipdeptree
  • oracle-linux-upgrade-python3-11-pip-tools
  • oracle-linux-upgrade-python3-11-platformdirs
  • oracle-linux-upgrade-python3-11-prometheus-client
  • oracle-linux-upgrade-python3-11-protobuf
  • oracle-linux-upgrade-python3-11-psycopg
  • oracle-linux-upgrade-python3-11-psycopg-c
  • oracle-linux-upgrade-python3-11-psycopg-pool
  • oracle-linux-upgrade-python3-11-pulp-ansible
  • oracle-linux-upgrade-python3-11-pulp-container
  • oracle-linux-upgrade-python3-11-pulpcore
  • oracle-linux-upgrade-python3-11-pulp-glue
  • oracle-linux-upgrade-python3-11-pyasn1
  • oracle-linux-upgrade-python3-11-pyasn1-modules
  • oracle-linux-upgrade-python3-11-pycares
  • oracle-linux-upgrade-python3-11-pycodestyle
  • oracle-linux-upgrade-python3-11-pycparser
  • oracle-linux-upgrade-python3-11-pycryptodomex
  • oracle-linux-upgrade-python3-11-pyflakes
  • oracle-linux-upgrade-python3-11-pygments
  • oracle-linux-upgrade-python3-11-pygtrie
  • oracle-linux-upgrade-python3-11-pyjwkest
  • oracle-linux-upgrade-python3-11-pyjwt
  • oracle-linux-upgrade-python3-11-pyparsing
  • oracle-linux-upgrade-python3-11-pyproject-hooks
  • oracle-linux-upgrade-python3-11-pyrsistent
  • oracle-linux-upgrade-python3-11-python3-openid
  • oracle-linux-upgrade-python3-11-pytz
  • oracle-linux-upgrade-python3-11-pyyaml
  • oracle-linux-upgrade-python3-11-redis
  • oracle-linux-upgrade-python3-11-requests
  • oracle-linux-upgrade-python3-11-requests-oauthlib
  • oracle-linux-upgrade-python3-11-requirements-parser
  • oracle-linux-upgrade-python3-11-resolvelib
  • oracle-linux-upgrade-python3-11-rich
  • oracle-linux-upgrade-python3-11-ruamel-yaml
  • oracle-linux-upgrade-python3-11-ruamel-yaml-clib
  • oracle-linux-upgrade-python3-11-s3transfer
  • oracle-linux-upgrade-python3-11-semantic-version
  • oracle-linux-upgrade-python3-11-setproctitle
  • oracle-linux-upgrade-python3-11-setuptools-scm
  • oracle-linux-upgrade-python3-11-six
  • oracle-linux-upgrade-python3-11-smmap
  • oracle-linux-upgrade-python3-11-social-auth-app-django
  • oracle-linux-upgrade-python3-11-social-auth-core
  • oracle-linux-upgrade-python3-11-sqlparse
  • oracle-linux-upgrade-python3-11-subprocess-tee
  • oracle-linux-upgrade-python3-11-tablib
  • oracle-linux-upgrade-python3-11-tomli
  • oracle-linux-upgrade-python3-11-types-cryptography
  • oracle-linux-upgrade-python3-11-types-setuptools
  • oracle-linux-upgrade-python3-11-typing-extensions
  • oracle-linux-upgrade-python3-11-uritemplate
  • oracle-linux-upgrade-python3-11-urllib3
  • oracle-linux-upgrade-python3-11-url-normalize
  • oracle-linux-upgrade-python3-11-uuid6
  • oracle-linux-upgrade-python3-11-wcmatch
  • oracle-linux-upgrade-python3-11-webencodings
  • oracle-linux-upgrade-python3-11-websockets
  • oracle-linux-upgrade-python3-11-whitenoise
  • oracle-linux-upgrade-python3-11-wrapt
  • oracle-linux-upgrade-python3-11-xlrd
  • oracle-linux-upgrade-python3-11-xlwt
  • oracle-linux-upgrade-python3-11-yamllint
  • oracle-linux-upgrade-python3-11-yarl
  • oracle-linux-upgrade-python3-11-zipp
  • oracle-linux-upgrade-python-dateutil-doc
  • oracle-linux-upgrade-python-pip-tools-doc
  • oracle-linux-upgrade-receptor
  • oracle-linux-upgrade-supervisor
