Chris Meyers

**Name of the Vulnerable Software and Affected Versions** galaxy ng (affected versions not specified) **Description** A command injection issue exists in the legacy role import API (v1) within the `do git checkout()` function. The system interpolates unsanitized git ref names, such as branch or tag names, into shell commands executed via `subprocess.run()` with `shell=True`. An authenticated user who controls a git repository can use shell metacharacters in a branch or tag name to achieve remote code execution on the pulp worker. This issue is only reachable when the `GALAXY ENABLE LEGACY ROLES` variable is set to True. **Recommendations** As a temporary mitigation, ensure that `GALAXY ENABLE LEGACY ROLES` is set to False to disable the vulnerable legacy role import API. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible aap-gateway (affected versions not specified) **Description** A flaw was found in the Ansible aap-gateway, where concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.