SB2021090922 - Multiple vulnerabilities in Red Hat Virtualization
Published: September 9, 2021 Updated: September 29, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Command Injection (CVE-ID: CVE-2021-23337)
The vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation when processing templates. A remote privileged user can inject and execute arbitrary commands on the system.
2) Incorrect Regular Expression (CVE-ID: CVE-2020-28500)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Remediation
Install update from vendor's website.