RHSA-2020:4252HighCVSS 7.5
Red Hat Security Advisory: Red Hat build of Quarkus 1.7.5 release and security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2019-14900 — hibernate: SQL injection issue in Hibernate ORM CVE-2020-1714 — keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution CVE-2020-1728 — keycloak: security headers missing on REST endpoints CVE-2020-10693 — hibernate-validator: Improper input validation in the interpolation of constraint error messages CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2020:4252
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=1.7.5
- externalhttps://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/1.7/html/release_notes_for_red_hat_build_of_quarkus_1.7/index
- externalhttps://access.redhat.com/articles/4966181
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1666499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1705975
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1800585
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1805501
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1816216
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4252.json