RHSA-2022:5101HighCVSS 9.1
Red Hat Security Advisory: Red Hat AMQ Broker 7.10.0 release and security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2019-10744 — nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-4040 — Broker: Malformed message can result in partial DoS (OOM) CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2022-1833 — amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure CVE-2022-22968 — Framework: Data Binding Rules Vulnerability CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2022:5101
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.0
- externalhttps://access.redhat.com/documentation/en-us/red_hat_amq_broker/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1739497
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2028254
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2031958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2063601
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2075441
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2089406
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5101.json