RHSA-2020:0729HighCVSS 7.5
Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2015-9251 — jquery: Cross-site scripting via cross-domain ajax requests CVE-2019-14888 — undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS CVE-2019-14892 — jackson-databind: Serialization gadgets in classes of the commons-configuration package CVE-2019-14893 — jackson-databind: Serialization gadgets in classes of the xalan package CVE-2019-16335 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2020:0729
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=7.3&downloadType=patches
- externalhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1399546
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1755831
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758182
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1772464
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0729.json