Oracle Linux: CVE-2024-42005: ELSA-2024-12803: Oracle Linux Automation Manager 2.2 (MODERATE) (Multiple Advisories)
7
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
08/06/2024
11/13/2024
11/11/2024
11/22/2024
Description
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. A flaw was found in Django. The QuerySet.values() and QuerySet.values_list() methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Solution(s)
- oracle-linux-upgrade-ansible-collection-ansible-posix
- oracle-linux-upgrade-ansible-collection-community-crypto
- oracle-linux-upgrade-ansible-collection-community-postgresql
- oracle-linux-upgrade-ansible-collection-mdellweg-filters
- oracle-linux-upgrade-ansible-collection-pulp-pulp-installer
- oracle-linux-upgrade-ansible-role-postgresql
- oracle-linux-upgrade-dumb-init
- oracle-linux-upgrade-ol-automation-manager
- oracle-linux-upgrade-ol-automation-manager-cli
- oracle-linux-upgrade-ol-private-automation-hub-installer
- oracle-linux-upgrade-pulpcore-selinux
- oracle-linux-upgrade-python3-11-aiodns
- oracle-linux-upgrade-python3-11-aiofiles
- oracle-linux-upgrade-python3-11-aiohttp
- oracle-linux-upgrade-python3-11-aiosignal
- oracle-linux-upgrade-python3-11-ansible-builder
- oracle-linux-upgrade-python3-11-ansible-compat
- oracle-linux-upgrade-python3-11-ansible-core
- oracle-linux-upgrade-python3-11-ansible-lint
- oracle-linux-upgrade-python3-11-asgiref
- oracle-linux-upgrade-python3-11-asyncio-throttle
- oracle-linux-upgrade-python3-11-async-lru
- oracle-linux-upgrade-python3-11-async-timeout
- oracle-linux-upgrade-python3-11-attrs
- oracle-linux-upgrade-python3-11-awscrt
- oracle-linux-upgrade-python3-11-backoff
- oracle-linux-upgrade-python3-11-bindep
- oracle-linux-upgrade-python3-11-black
- oracle-linux-upgrade-python3-11-bleach
- oracle-linux-upgrade-python3-11-bleach-allowlist
- oracle-linux-upgrade-python3-11-boto3
- oracle-linux-upgrade-python3-11-botocore
- oracle-linux-upgrade-python3-11-bracex
- oracle-linux-upgrade-python3-11-brotli
- oracle-linux-upgrade-python3-11-build
- oracle-linux-upgrade-python3-11-certifi
- oracle-linux-upgrade-python3-11-cffi
- oracle-linux-upgrade-python3-11-charset-normalizer
- oracle-linux-upgrade-python3-11-click
- oracle-linux-upgrade-python3-11-colorama
- oracle-linux-upgrade-python3-11-cryptography
- oracle-linux-upgrade-python3-11-dateutil
- oracle-linux-upgrade-python3-11-defusedxml
- oracle-linux-upgrade-python3-11-deprecated
- oracle-linux-upgrade-python3-11-diff-match-patch
- oracle-linux-upgrade-python3-11-distro
- oracle-linux-upgrade-python3-11-django
- oracle-linux-upgrade-python3-11-django-auth-ldap
- oracle-linux-upgrade-python3-11-django-filter
- oracle-linux-upgrade-python3-11-django-guid
- oracle-linux-upgrade-python3-11-django-import-export
- oracle-linux-upgrade-python3-11-django-ipware
- oracle-linux-upgrade-python3-11-django-lifecycle
- oracle-linux-upgrade-python3-11-django-picklefield
- oracle-linux-upgrade-python3-11-django-prometheus
- oracle-linux-upgrade-python3-11-djangorestframework
- oracle-linux-upgrade-python3-11-djangorestframework-queryfields
- oracle-linux-upgrade-python3-11-drf-access-policy
- oracle-linux-upgrade-python3-11-drf-nested-routers
- oracle-linux-upgrade-python3-11-drf-spectacular
- oracle-linux-upgrade-python3-11-dynaconf
- oracle-linux-upgrade-python3-11-et-xmlfile
- oracle-linux-upgrade-python3-11-filelock
- oracle-linux-upgrade-python3-11-flake8
- oracle-linux-upgrade-python3-11-frozenlist
- oracle-linux-upgrade-python3-11-future
- oracle-linux-upgrade-python3-11-galaxy-importer
- oracle-linux-upgrade-python3-11-galaxy-ng
- oracle-linux-upgrade-python3-11-gitdb
- oracle-linux-upgrade-python3-11-gitpython
- oracle-linux-upgrade-python3-11-gnupg
- oracle-linux-upgrade-python3-11-googleapis-common-protos
- oracle-linux-upgrade-python3-11-grpcio
- oracle-linux-upgrade-python3-11-gunicorn
- oracle-linux-upgrade-python3-11-idna
- oracle-linux-upgrade-python3-11-importlib-metadata
- oracle-linux-upgrade-python3-11-inflection
- oracle-linux-upgrade-python3-11-insights-analytics-collector
- oracle-linux-upgrade-python3-11-jinja2
- oracle-linux-upgrade-python3-11-jmespath
- oracle-linux-upgrade-python3-11-jsonschema
- oracle-linux-upgrade-python3-11-ldap
- oracle-linux-upgrade-python3-11-markdown
- oracle-linux-upgrade-python3-11-markdown-it-py
- oracle-linux-upgrade-python3-11-markuppy
- oracle-linux-upgrade-python3-11-markupsafe
- oracle-linux-upgrade-python3-11-marshmallow
- oracle-linux-upgrade-python3-11-mccabe
- oracle-linux-upgrade-python3-11-mdurl
- oracle-linux-upgrade-python3-11-multidict
- oracle-linux-upgrade-python3-11-mypy-extensions
- oracle-linux-upgrade-python3-11-naya
- oracle-linux-upgrade-python3-11-oauthlib
- oracle-linux-upgrade-python3-11-odfpy
- oracle-linux-upgrade-python311-olamkit
- oracle-linux-upgrade-python3-11-openpyxl
- oracle-linux-upgrade-python3-11-opentelemetry-api
- oracle-linux-upgrade-python3-11-opentelemetry-distro
- oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp
- oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-common
- oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-grpc
- oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-http
- oracle-linux-upgrade-python3-11-opentelemetry-instrumentation
- oracle-linux-upgrade-python3-11-opentelemetry-instrumentation-django
- oracle-linux-upgrade-python3-11-opentelemetry-instrumentation-wsgi
- oracle-linux-upgrade-python3-11-opentelemetry-proto
- oracle-linux-upgrade-python3-11-opentelemetry-sdk
- oracle-linux-upgrade-python3-11-opentelemetry-semantic-conventions
- oracle-linux-upgrade-python3-11-opentelemetry-util-http
- oracle-linux-upgrade-python3-11-packaging
- oracle-linux-upgrade-python3-11-parsley
- oracle-linux-upgrade-python3-11-pathspec
- oracle-linux-upgrade-python3-11-pbr
- oracle-linux-upgrade-python3-11-pillow
- oracle-linux-upgrade-python3-11-pipdeptree
- oracle-linux-upgrade-python3-11-pip-tools
- oracle-linux-upgrade-python3-11-platformdirs
- oracle-linux-upgrade-python3-11-prometheus-client
- oracle-linux-upgrade-python3-11-protobuf
- oracle-linux-upgrade-python3-11-psycopg
- oracle-linux-upgrade-python3-11-psycopg-c
- oracle-linux-upgrade-python3-11-psycopg-pool
- oracle-linux-upgrade-python3-11-pulp-ansible
- oracle-linux-upgrade-python3-11-pulp-container
- oracle-linux-upgrade-python3-11-pulpcore
- oracle-linux-upgrade-python3-11-pulp-glue
- oracle-linux-upgrade-python3-11-pyasn1
- oracle-linux-upgrade-python3-11-pyasn1-modules
- oracle-linux-upgrade-python3-11-pycares
- oracle-linux-upgrade-python3-11-pycodestyle
- oracle-linux-upgrade-python3-11-pycparser
- oracle-linux-upgrade-python3-11-pycryptodomex
- oracle-linux-upgrade-python3-11-pyflakes
- oracle-linux-upgrade-python3-11-pygments
- oracle-linux-upgrade-python3-11-pygtrie
- oracle-linux-upgrade-python3-11-pyjwkest
- oracle-linux-upgrade-python3-11-pyjwt
- oracle-linux-upgrade-python3-11-pyparsing
- oracle-linux-upgrade-python3-11-pyproject-hooks
- oracle-linux-upgrade-python3-11-pyrsistent
- oracle-linux-upgrade-python3-11-python3-openid
- oracle-linux-upgrade-python3-11-pytz
- oracle-linux-upgrade-python3-11-pyyaml
- oracle-linux-upgrade-python3-11-redis
- oracle-linux-upgrade-python3-11-requests
- oracle-linux-upgrade-python3-11-requests-oauthlib
- oracle-linux-upgrade-python3-11-requirements-parser
- oracle-linux-upgrade-python3-11-resolvelib
- oracle-linux-upgrade-python3-11-rich
- oracle-linux-upgrade-python3-11-ruamel-yaml
- oracle-linux-upgrade-python3-11-ruamel-yaml-clib
- oracle-linux-upgrade-python3-11-s3transfer
- oracle-linux-upgrade-python3-11-semantic-version
- oracle-linux-upgrade-python3-11-setproctitle
- oracle-linux-upgrade-python3-11-setuptools-scm
- oracle-linux-upgrade-python3-11-six
- oracle-linux-upgrade-python3-11-smmap
- oracle-linux-upgrade-python3-11-social-auth-app-django
- oracle-linux-upgrade-python3-11-social-auth-core
- oracle-linux-upgrade-python3-11-sqlparse
- oracle-linux-upgrade-python3-11-subprocess-tee
- oracle-linux-upgrade-python3-11-tablib
- oracle-linux-upgrade-python3-11-tomli
- oracle-linux-upgrade-python3-11-types-cryptography
- oracle-linux-upgrade-python3-11-types-setuptools
- oracle-linux-upgrade-python3-11-typing-extensions
- oracle-linux-upgrade-python3-11-uritemplate
- oracle-linux-upgrade-python3-11-urllib3
- oracle-linux-upgrade-python3-11-url-normalize
- oracle-linux-upgrade-python3-11-uuid6
- oracle-linux-upgrade-python3-11-wcmatch
- oracle-linux-upgrade-python3-11-webencodings
- oracle-linux-upgrade-python3-11-websockets
- oracle-linux-upgrade-python3-11-whitenoise
- oracle-linux-upgrade-python3-11-wrapt
- oracle-linux-upgrade-python3-11-xlrd
- oracle-linux-upgrade-python3-11-xlwt
- oracle-linux-upgrade-python3-11-yamllint
- oracle-linux-upgrade-python3-11-yarl
- oracle-linux-upgrade-python3-11-zipp
- oracle-linux-upgrade-python-dateutil-doc
- oracle-linux-upgrade-python-pip-tools-doc
- oracle-linux-upgrade-receptor
- oracle-linux-upgrade-supervisor
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center