RHSA-2023:1006HighCVSS 9.8

Red Hat Security Advisory: Red Hat build of Quarkus 2.7.7 release and security update

Published
March 8, 2023
Last Modified
June 6, 2026

🔗 CVE IDs covered (9)

📋 Description

CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-3171 — protobuf-java: timeout in parser leads to DoS CVE-2022-31197 — postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names CVE-2022-41946 — postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions CVE-2022-41966 — xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-0044 — quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure

🔗 References (45)