CVE-2024-11831

CVE-2024-11831

• CWE-79 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

• / — v=6.0 <6.0.2 [affected]
• Red Hat / Red Hat Advanced Cluster Security 4.4 — v=4.4.8-2 <* [unaffected]
• Red Hat / Red Hat Advanced Cluster Security 4.5 — v=4.5.6-2 <* [unaffected]
• Red Hat / Red Hat Ceph Storage 7.1 — v=2:18.2.1-381.el8cp <* [unaffected]
• Red Hat / Red Hat Ceph Storage 8.1 — v=2:19.2.1-292.el9cp <* [unaffected]
• Red Hat / Red Hat Ceph Storage 9.0 — v=2:20.1.0-144.el10cp <* [unaffected]
• Red Hat / Red Hat Enterprise Linux 8 — v=0:8.0.112-1.el8_10 <* [unaffected]
• Red Hat / Red Hat Enterprise Linux 9 — v=0:8.0.112-1.el9_5 <* [unaffected]
• Red Hat / RHODF-4.14-RHEL-9 — v=v4.14.18-2 <* [unaffected]
• Red Hat / RHODF-4.14-RHEL-9 — v=v4.14.18-3 <* [unaffected]
• Red Hat / RHODF-4.14-RHEL-9 — v=v4.14.18-2 <* [unaffected]
• Red Hat / RHODF-4.15-RHEL-9 — v=v4.15.14-2 <* [unaffected]
• Red Hat / RHODF-4.15-RHEL-9 — v=v4.15.14-2 <* [unaffected]
• Red Hat / RHODF-4.15-RHEL-9 — v=v4.15.14-2 <* [unaffected]
• Red Hat / RHODF-4.16-RHEL-9 — v=v4.16.10-4 <* [unaffected]
• Red Hat / RHODF-4.16-RHEL-9 — v=v4.16.10-4 <* [unaffected]
• Red Hat / RHODF-4.16-RHEL-9 — v=v4.16.10-3 <* [unaffected]
• Red Hat / RHODF-4.17-RHEL-9 — v=v4.17.7-2 <* [unaffected]
• Red Hat / RHODF-4.17-RHEL-9 — v=v4.17.7-2 <* [unaffected]
• Red Hat / RHODF-4.17-RHEL-9 — v=v4.17.7-2 <* [unaffected]
• Red Hat / RHODF-4.18-RHEL-9 — v=v4.18.2-8 <* [unaffected]
• Red Hat / RHODF-4.18-RHEL-9 — v=v4.18.2-7 <* [unaffected]
• Red Hat / RHODF-4.18-RHEL-9 — v=v4.18.2-8 <* [unaffected]
• Red Hat / Red Hat Ceph Storage 8 — v=sha256:5a97e827c48732775a76e2fe25860488e773f4d8da0e0fbc51168fe30a5deb4b <* [unaffected]
• Red Hat / Red Hat Ceph Storage 9 — v=sha256:3e0b13addd3593d8802f1d55e878bb467e5c83e1ffd76999b006107b5cb3d335 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.14.6 — v=sha256:84f36fbadbbbbaa4a174850994a6bfb1ffb8f2c671f9dee83037a756c3a3cd95 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.15 — v=sha256:3b11a142e5018e047c185199f157089d47e86f470e9ada73d0c36cd84ae2f020 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.15 — v=sha256:43fbd1ff1fcab53e5d4fde5daafa46795b3f2b1e14c07cc2e565b624aa8468c7 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.16 — v=sha256:15b283d200e626cc945bd5bfb71b883948e07ed70e97fd4da5dc678aae183808 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.16 — v=sha256:3fc1b957039ba40b8d5353cd624b930f2bc5c5cb47335f7eb3255a8d792a3060 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.17 — v=sha256:43f914efbabff71cd7f5dad186b461fd87a28846b33f8c8b3d2ad38fece95983 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.17 — v=sha256:31ed62e58c9d12bff8cd88a881eda9b5e68d8d416227d191228dd0d3b4af532c <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.18.0 — v=sha256:7a71e590bb448f9f6c9f1e8f8ad0396770cc015e22358d5f7b022f79f2ff01e2 <* [unaffected]
• Red Hat / Red Hat OpenShift Pipelines 1.19 — v=sha256:31eeeab213a1b603ab8c3f8253cd19c87bb45ca03e96e0461314571a7de82828 <* [unaffected]
• Red Hat / Cryostat 3 —
• Red Hat / Logging Subsystem for Red Hat OpenShift —
• Red Hat / Migration Toolkit for Virtualization —
• Red Hat / .NET 6.0 on Red Hat Enterprise Linux —
• Red Hat / OpenShift Lightspeed —
• Red Hat / OpenShift Pipelines —
• Red Hat / OpenShift Pipelines —
• Red Hat / OpenShift Pipelines —
• Red Hat / OpenShift Serverless —
• Red Hat / OpenShift Service Mesh 2 —
• Red Hat / OpenShift Service Mesh 2 —
• Red Hat / Red Hat 3scale API Management Platform 2 —
• Red Hat / Red Hat Advanced Cluster Management for Kubernetes 2 —
• Red Hat / Red Hat Advanced Cluster Security 4 —
• Red Hat / Red Hat Advanced Cluster Security 4 —
• Red Hat / Red Hat Advanced Cluster Security 4 —
• Red Hat / Red Hat Advanced Cluster Security 4 —
• Red Hat / Red Hat Advanced Cluster Security 4 —
• Red Hat / Red Hat Ansible Automation Platform 2 —
• Red Hat / Red Hat Ansible Automation Platform 2 —
• Red Hat / Red Hat Ansible Automation Platform 2 —
• Red Hat / Red Hat Ansible Automation Platform 2 —
• Red Hat / Red Hat build of Apache Camel - HawtIO 4 —
• Red Hat / Red Hat build of Apicurio Registry 2 —
• Red Hat / Red Hat build of OptaPlanner 8 —
• Red Hat / Red Hat Ceph Storage 7 —
• Red Hat / Red Hat Ceph Storage 7 —
• Red Hat / Red Hat Ceph Storage 7 —
• Red Hat / Red Hat Ceph Storage 8 —
• Red Hat / Red Hat Ceph Storage 8 —
• Red Hat / Red Hat Ceph Storage 9 —
• Red Hat / Red Hat Ceph Storage 9 —
• Red Hat / Red Hat Data Grid 8 —
• Red Hat / Red Hat Developer Hub —
• Red Hat / Red Hat Discovery 1 —
• Red Hat / Red Hat Enterprise Linux 10 —
• Red Hat / Red Hat Enterprise Linux 8 —
• Red Hat / Red Hat Enterprise Linux 8 —
• Red Hat / Red Hat Enterprise Linux 8 —
• Red Hat / Red Hat Enterprise Linux 9 —
• Red Hat / Red Hat Enterprise Linux 9 —
• Red Hat / Red Hat Enterprise Linux 9 —
• Red Hat / Red Hat Fuse 7 —
• Red Hat / Red Hat Integration Camel K 1 —
• Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
• Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
• Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift AI (RHOAI) —
• Red Hat / Red Hat OpenShift Container Platform 3.11 —
• Red Hat / Red Hat OpenShift Container Platform 4 —
• Red Hat / Red Hat OpenShift Dev Spaces —
• Red Hat / Red Hat OpenShift Dev Spaces —
• Red Hat / Red Hat OpenShift Dev Spaces —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat OpenShift distributed tracing 3 —
• Red Hat / Red Hat Process Automation 7 —
• Red Hat / Red Hat Quay 3 —
• Red Hat / Red Hat Satellite 6 —
• Red Hat / Red Hat Satellite 6 —
• Red Hat / Red Hat Single Sign-On 7 —
• Red Hat / Red Hat Trusted Profile Analyzer —

• 3.1 score=5.4 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

• https://access.redhat.com/errata/RHBA-2025:0304 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:0381 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:10853 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:1334 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:1468 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:21068 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:21203 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:3870 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:4511 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8059 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8078 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8233 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8479 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8512 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8544 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:8551 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2025:9294 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2026:1536 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2026:2769 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2026:8568 vendor-advisory, x_refsource_REDHAT
• https://access.redhat.com/security/cve/CVE-2024-11831 vdb-entry, x_refsource_REDHAT
• https://bugzilla.redhat.com/show_bug.cgi?id=2312579 issue-tracking, x_refsource_REDHAT
• https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
• https://github.com/yahoo/serialize-javascript/pull/173