5 known vulnerabilities · sorted by CVSS score
Nokogiri before 1.5.4 is vulnerable to XXE attacks
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
katello-headpin is vulnerable to CSRF in REST API
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system's name when registering.