Red%20Hat%20Advanced%20Cluster%20Security%204.5 Details

Red Hat Advanced Cluster Security 4.5

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-11831

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-5.4||MEDIUM

EPSS-0.52% / 65.87%

7 Day CHG~0.00%

Published-10 Feb, 2025 | 15:27

Updated-20 Aug, 2025 | 22:34

Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

Vendor-Red Hat, Inc.

Product-Red Hat OpenShift Container Platform 3.11 Red Hat Advanced Cluster Security 4.4 RHODF-4.18-RHEL-9 Logging Subsystem for Red Hat OpenShift Red Hat Ceph Storage 8 Red Hat Process Automation 7 RHODF-4.16-RHEL-9 Red Hat JBoss Enterprise Application Platform 7 OpenShift Service Mesh 2 Migration Toolkit for Virtualization Red Hat Fuse 7 OpenShift Lightspeed Red Hat Enterprise Linux 10 Red Hat Trusted Profile Analyzer Red Hat Discovery 1 Red Hat Quay 3 Red Hat Satellite 6 Cryostat 3 Red Hat OpenShift Dev Spaces Red Hat JBoss Enterprise Application Platform 8 RHODF-4.14-RHEL-9 Red Hat Ansible Automation Platform 2 Red Hat JBoss Enterprise Application Platform Expansion Pack Red Hat Data Grid 8 Red Hat Enterprise Linux 8 RHODF-4.15-RHEL-9 Red Hat Enterprise Linux 9 Red Hat 3scale API Management Platform 2 RHODF-4.17-RHEL-9 Red Hat Advanced Cluster Security 4.5 Red Hat build of OptaPlanner 8 Red Hat Developer Hub .NET 6.0 on Red Hat Enterprise Linux Red Hat OpenShift distributed tracing 3 Red Hat Single Sign-On 7 Red Hat OpenShift AI (RHOAI)Red Hat Advanced Cluster Management for Kubernetes 2 Red Hat OpenShift Container Platform 4 Red Hat Ceph Storage 7 OpenShift Serverless Red Hat build of Apicurio Registry 2 Red Hat build of Apache Camel - HawtIO 4 Red Hat Advanced Cluster Security 4 OpenShift Pipelines Red Hat Integration Camel K 1

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-3727

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-8.3||HIGH

EPSS-0.38% / 58.73%

7 Day CHG~0.00%

Published-09 May, 2024 | 14:57

Updated-23 Jul, 2025 | 20:01

Containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Vendor-Red Hat, Inc.

CWE ID-CWE-354

Improper Validation of Integrity Check Value