RHSA-2022:6835HighCVSS 9.8

Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]

Published
October 6, 2022
Last Modified
June 17, 2026

🔗 CVE IDs covered (18)

📋 Description

CVE-2021-22569 — protobuf-java: potential DoS in the parsing procedure for binary data CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2021-41269 — cron-utils: template Injection leading to unauthenticated Remote Code Execution CVE-2022-0235 — node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0536 — follow-redirects: Exposure of Sensitive Information via Authorization Header leak CVE-2022-0981 — quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus CVE-2022-21724 — jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes CVE-2022-23647 — prismjs: improperly escaped output allows a XSS CVE-2022-24771 — node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery CVE-2022-24772 — node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery CVE-2022-24773 — node-forge: Signature verification leniency in checking DigestInfo structure CVE-2022-25647 — com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25858 — terser: insecure use of regular expressions leads to ReDoS CVE-2022-26520 — postgresql-jdbc: Arbitrary File Write Vulnerability CVE-2022-31129 — moment: inefficient parsing algorithm resulting in DoS CVE-2022-37734 — graphql-java: DoS by malicious query

🔗 References (21)