RHSA-2020:3585HighCVSS 8.1

Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update

Published
August 31, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (13)

📋 Description

CVE-2018-14371 — mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter CVE-2019-10172 — jackson-mapper-asl: XML external entity similar to CVE-2016-3720 CVE-2019-14900 — hibernate: SQL injection issue in Hibernate ORM CVE-2020-1719 — Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain CVE-2020-1954 — cxf: JMX integration is vulnerable to a MITM attack CVE-2020-6950 — Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10683 — dom4j: XML External Entity vulnerability in default SAX parser CVE-2020-10705 — undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header CVE-2020-10714 — wildfly-elytron: session fixation when using FORM authentication CVE-2020-10719 — undertow: invalid HTTP request with large chunk size CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

🔗 References (18)