RHSA-2022:6783MediumCVSS 9.8

Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 8

Published
October 4, 2022
Last Modified
June 26, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-42392 — h2: Remote Code Execution in Console CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2022-0084 — xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr CVE-2022-0225 — keycloak: Stored XSS in groups dropdown CVE-2022-0866 — wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled CVE-2022-2256 — keycloak: improper input validation permits script injection CVE-2022-2668 — keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

🔗 References (11)