CVE-2023-5625: Python-eventlet: patch regression for cve-2021-21419 in some red hat builds

Description

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

Classification

CVE ID: CVE-2023-5625

Affected Products

Vendor: Red Hat

Product: Ironic content for Red Hat OpenShift Container Platform 4.12

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.13% (probability of being exploited)

EPSS Percentile: 48.01% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://access.redhat.com/errata/RHSA-2023:6128
https://access.redhat.com/errata/RHSA-2024:0188
https://access.redhat.com/errata/RHSA-2024:0213
https://access.redhat.com/security/cve/CVE-2023-5625
https://bugzilla.redhat.com/show_bug.cgi?id=2244717

Timeline

2024-12-07 00:31:02 UTC
CVE

Python-eventlet: patch regression for cve-2021-21419 in some red hat builds