Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update
🔗 CVE IDs covered (13)
📋 Description
CVE-2018-14371 — mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter CVE-2019-10172 — jackson-mapper-asl: XML external entity similar to CVE-2016-3720 CVE-2019-14900 — hibernate: SQL injection issue in Hibernate ORM CVE-2020-1719 — Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain CVE-2020-1954 — cxf: JMX integration is vulnerable to a MITM attack CVE-2020-6950 — Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10683 — dom4j: XML External Entity vulnerability in default SAX parser CVE-2020-10705 — undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header CVE-2020-10714 — wildfly-elytron: session fixation when using FORM authentication CVE-2020-10719 — undertow: invalid HTTP request with large chunk size CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
🔗 References (18)
- selfhttps://access.redhat.com/errata/RHSA-2020:3585
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=eap-cd&version=20
- externalhttps://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1607709
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1666499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1694235
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1715075
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1796617
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1803241
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1805006
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1815470
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816216
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1824301
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1825714
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1828459
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1834512
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3585.json