RHSA-2023:0758MediumCVSS 9.8
Red Hat Security Advisory: Red Hat build of Quarkus 2.13.7 release and security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-41881 — codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS CVE-2022-41946 — postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability CVE-2023-0044 — quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2023:0758
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=2.13.7
- externalhttps://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.13/
- externalhttps://access.redhat.com/articles/4966181
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2145194
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153399
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158081
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0758.json