RHSA-2023:0471HighCVSS 9.8
Red Hat Security Advisory: Migration Toolkit for Runtimes security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2022-3517 — nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-25914 — jib-core: RCE via the isDockerInstalled CVE-2022-37603 — loader-utils: Regular expression denial of service CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-42920 — Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2023:0471
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134344
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134609
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135244
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135247
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2140597
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2142707
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0471.json