RHSA-2023:0556HighCVSS 9.8

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

Published
January 31, 2023
Last Modified
July 3, 2026

🔗 CVE IDs covered (20)

📋 Description

CVE-2015-9251 — jquery: Cross-site scripting via cross-domain ajax requests CVE-2016-10735 — bootstrap: XSS in the data-target attribute CVE-2017-18214 — nodejs-moment: Regular expression denial of service CVE-2018-14040 — bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute CVE-2018-14041 — bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy CVE-2018-14042 — bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip CVE-2019-8331 — bootstrap: XSS in the tooltip or popover data-template attribute CVE-2019-11358 — jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection CVE-2020-11022 — jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-40149 — jettison: parser crash by stackoverflow CVE-2022-40150 — jettison: memory exhaustion via user-supplied XML or JSON data CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability CVE-2022-45693 — jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos CVE-2022-46363 — CXF: directory listing / code exfiltration CVE-2022-46364 — CXF: SSRF Vulnerability

🔗 References (44)