Red Hat Security Advisory: Red Hat build of Quarkus 2.7.7 release and security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-3171 — protobuf-java: timeout in parser leads to DoS CVE-2022-31197 — postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names CVE-2022-41946 — postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions CVE-2022-41966 — xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-0044 — quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure
🔗 References (45)
- selfhttps://access.redhat.com/errata/RHSA-2023:1006
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/articles/4966181
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=redhat.quarkus&version=2.7.7
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129428
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135244
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135247
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135435
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2137645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153399
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158081
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170431
- externalhttps://issues.redhat.com/browse/QUARKUS-2593
- externalhttps://issues.redhat.com/browse/QUARKUS-2705
- externalhttps://issues.redhat.com/browse/QUARKUS-2852
- externalhttps://issues.redhat.com/browse/QUARKUS-2854
- externalhttps://issues.redhat.com/browse/QUARKUS-2855
- externalhttps://issues.redhat.com/browse/QUARKUS-2856
- externalhttps://issues.redhat.com/browse/QUARKUS-2861
- externalhttps://issues.redhat.com/browse/QUARKUS-2862
- externalhttps://issues.redhat.com/browse/QUARKUS-2864
- externalhttps://issues.redhat.com/browse/QUARKUS-2865
- externalhttps://issues.redhat.com/browse/QUARKUS-2866
- externalhttps://issues.redhat.com/browse/QUARKUS-2867
- externalhttps://issues.redhat.com/browse/QUARKUS-2869
- externalhttps://issues.redhat.com/browse/QUARKUS-2871
- externalhttps://issues.redhat.com/browse/QUARKUS-2872
- externalhttps://issues.redhat.com/browse/QUARKUS-2873
- externalhttps://issues.redhat.com/browse/QUARKUS-2874
- externalhttps://issues.redhat.com/browse/QUARKUS-2876
- externalhttps://issues.redhat.com/browse/QUARKUS-2877
- externalhttps://issues.redhat.com/browse/QUARKUS-2879
- externalhttps://issues.redhat.com/browse/QUARKUS-2880
- externalhttps://issues.redhat.com/browse/QUARKUS-2882
- externalhttps://issues.redhat.com/browse/QUARKUS-2883
- externalhttps://issues.redhat.com/browse/QUARKUS-2884
- externalhttps://issues.redhat.com/browse/QUARKUS-2885
- externalhttps://issues.redhat.com/browse/QUARKUS-2886
- externalhttps://issues.redhat.com/browse/QUARKUS-2887
- externalhttps://issues.redhat.com/browse/QUARKUS-2888
- externalhttps://issues.redhat.com/browse/QUARKUS-2889
- externalhttps://issues.redhat.com/browse/QUARKUS-2893
- externalhttps://issues.redhat.com/browse/QUARKUS-2895
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1006.json