Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]
🔗 CVE IDs covered (18)
📋 Description
CVE-2021-22569 — protobuf-java: potential DoS in the parsing procedure for binary data
CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
CVE-2021-41269 — cron-utils: template Injection leading to unauthenticated Remote Code Execution
CVE-2022-0235 — node-fetch: exposure of sensitive information to an unauthorized actor
CVE-2022-0536 — follow-redirects: Exposure of Sensitive Information via Authorization Header leak
CVE-2022-0981 — quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus
CVE-2022-21724 — jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
CVE-2022-23647 — prismjs: improperly escaped output allows a XSS
CVE-2022-24771 — node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery
CVE-2022-24772 — node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
CVE-2022-24773 — node-forge: Signature verification leniency in checking DigestInfo structure
CVE-2022-25647 — com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections
CVE-2022-25858 — terser: insecure use of regular expressions leads to ReDoS
CVE-2022-26520 — postgresql-jdbc: Arbitrary File Write Vulnerability
CVE-2022-31129 — moment: inefficient parsing algorithm resulting in DoS
CVE-2022-37734 — graphql-java: DoS by malicious query
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2022:6835
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2024632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2039903
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044591
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2050863
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2053259
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056643
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2062520
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064007
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2067387
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2067458
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2067461
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2080850
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2105075
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126277
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126809
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6835.json