Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
🔗 CVE IDs covered (19)
📋 Description
CVE-2020-7746 — chart.js: prototype pollution
CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects
CVE-2021-23436 — immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477
CVE-2021-44906 — minimist: prototype pollution
CVE-2022-0235 — node-fetch: exposure of sensitive information to an unauthorized actor
CVE-2022-0722 — parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url
CVE-2022-1365 — cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
CVE-2022-1415 — drools: unsafe data deserialization in StreamUtils
CVE-2022-1650 — eventsource: Exposure of Sensitive Information
CVE-2022-2458 — Business-central: Possible XML External Entity Injection attack
CVE-2022-21363 — mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
CVE-2022-21724 — jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
CVE-2022-23437 — xerces-j2: infinite loop when handling specially crafted XML document payloads
CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS
CVE-2022-24771 — node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery
CVE-2022-24772 — node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
CVE-2022-24785 — Moment.js: Path traversal in moment.locale
CVE-2022-26520 — postgresql-jdbc: Arbitrary File Write Vulnerability
CVE-2022-31129 — moment: inefficient parsing algorithm resulting in DoS
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2022:6813
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2041833
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044591
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2047200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2047343
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050863
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2063601
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064007
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2066009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2067387
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2067458
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2076133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2085307
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2096966
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2103584
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2105075
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107994
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json