Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
🔗 CVE IDs covered (35)
📋 Description
- CVE-2021-37533 — apache-commons-net: FTP client trusts the host from PASV response by default
- CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client
- CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections
- CVE-2022-31777 — apache-spark: XSS vulnerability in log viewer UI Javascript
- CVE-2022-33681 — Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
- CVE-2022-37865 — apache-ivy: Directory Traversal
- CVE-2022-37866 — Ivy: Ivy Path traversal
- CVE-2022-38398 — batik: Server-Side Request Forgery
- CVE-2022-38648 — batik: Server-Side Request Forgery
- CVE-2022-38749 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
- CVE-2022-38750 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
- CVE-2022-38751 — snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
- CVE-2022-38752 — snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
- CVE-2022-39368 — scandium: Failing DTLS handshakes may cause throttling to block processing of records
- CVE-2022-40146 — batik: Server-Side Request Forgery (SSRF) vulnerability
- CVE-2022-40150 — jettison: memory exhaustion via user-supplied XML or JSON data
- CVE-2022-40151 — xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
- CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
- CVE-2022-40156 — xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
- CVE-2022-41704 — batik: Apache XML Graphics Batik vulnerable to code execution via SVG
- CVE-2022-41852 — JXPath: untrusted XPath expressions may lead to RCE attack
- CVE-2022-41853 — hsqldb: Untrusted input may lead to RCE attack
- CVE-2022-41854 — dev-java/snakeyaml: DoS via stack overflow
- CVE-2022-41881 — codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
- CVE-2022-41966 — xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
- CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
- CVE-2022-42004 — jackson-databind: use of deeply nested arrays
- CVE-2022-42890 — batik: Untrusted code execution in Apache XML Graphics Batik
- CVE-2023-1370 — json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
- CVE-2023-1436 — jettison: Uncontrolled Recursion in JSONArray
- CVE-2023-20860 — springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
- CVE-2023-20861 — springframework: Spring Expression DoS Vulnerability
- CVE-2023-20863 — springframework: Spring Expression DoS Vulnerability
- CVE-2023-22602 — shiro: Authentication bypass through a specially crafted HTTP request
- CVE-2023-24998 — FileUpload: FileUpload DoS with excessive parts
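The description above is published as one run-together string of "CVE — component: summary" entries, which is awkward to match against a dependency inventory. The following triage helper, added here as an example and not Red Hat tooling, splits that string into (CVE, component, summary) records, groups the CVEs by component, and flags which artifacts in a software bill of materials are named by the advisory. The advisory excerpt is quoted verbatim from the page; the SBOM entries and their version numbers are constructed for the example. Matching is by component name only: the page does not list fixed package versions, so a hit means "review this component against the errata's package list", not "this version is vulnerable".

```python
"""Split a Red Hat advisory description into CVE records and flag SBOM
components it names (added example; not Red Hat tooling)."""
import re
from collections import defaultdict

# Excerpt of the advisory description, exactly as the page renders it:
# entries concatenated with no separators other than whitespace.
ADVISORY_TEXT = (
    "CVE-2021-37533 — apache-commons-net: FTP client trusts the host from PASV "
    "response by default CVE-2022-4492 — undertow: Server identity in https "
    "connection is not checked by the undertow client CVE-2022-25857 — snakeyaml: "
    "Denial of Service due to missing nested depth limitation for collections "
    "CVE-2022-41854 — dev-java/snakeyaml: DoS via stack overflow "
    "CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt "
    "UNWRAP_SINGLE_VALUE_ARRAYS CVE-2023-24998 — FileUpload: FileUpload DoS "
    "with excessive parts"
)

# Constructed SBOM excerpt as Maven coordinates (group:artifact:version).
# Versions are arbitrary placeholders for the example, not affected ranges.
SBOM_COMPONENTS = [
    "org.yaml:snakeyaml:1.33",
    "com.fasterxml.jackson.core:jackson-databind:2.13.4",
    "commons-net:commons-net:3.8.0",
    "io.netty:netty-codec-http:4.1.85.Final",
    "org.postgresql:postgresql:42.5.1",
]

# One entry starts with a CVE id, a dash, and a component label ending at the
# first colon; the summary runs until the next CVE id or end of text.
ENTRY_RE = re.compile(r"(CVE-\d{4}-\d{4,})\s+[—–-]+\s+([^:]+?):\s*")


def normalize(component):
    """Reduce an advisory component label to a comparable key: lower-case,
    drop a distro prefix such as 'dev-java/', drop a leading 'apache-'."""
    name = component.strip().lower()
    name = name.split("/")[-1]           # dev-java/snakeyaml -> snakeyaml
    if name.startswith("apache-"):
        name = name[len("apache-"):]     # apache-commons-net -> commons-net
    return name


def parse_advisory(text):
    """Return a list of (cve, normalized_component, summary) tuples."""
    matches = list(ENTRY_RE.finditer(text))
    records = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        summary = text[m.end():end].strip()
        records.append((m.group(1), normalize(m.group(2)), summary))
    return records


def cves_by_component(records):
    """Group CVE ids by normalized component, preserving advisory order."""
    grouped = defaultdict(list)
    for cve, comp, _summary in records:
        grouped[comp].append(cve)
    return dict(grouped)


def flag_sbom(sbom, grouped):
    """Map each SBOM coordinate whose artifactId equals an advisory component
    to that component's CVE ids. Exact name match only; no version logic,
    because the advisory page states no fixed versions."""
    hits = {}
    for coord in sbom:
        _group, artifact, _version = coord.split(":", 2)
        cves = grouped.get(artifact.lower())
        if cves:
            hits[coord] = list(cves)
    return hits


if __name__ == "__main__":
    recs = parse_advisory(ADVISORY_TEXT)
    by_comp = cves_by_component(recs)
    for coord, cves in flag_sbom(SBOM_COMPONENTS, by_comp).items():
        print(f"REVIEW {coord}: {', '.join(cves)}")
```

For a real run, replace ADVISORY_TEXT with the full description and SBOM_COMPONENTS with the output of `mvn dependency:list` or a CycloneDX export; the name-level hits are then checked against the package versions listed in the errata itself.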
🔗 References (39)
- self: https://access.redhat.com/errata/RHSA-2023:2100
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2126789
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2129706
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2129707
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2129709
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2129710
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2134288
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2134291
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2134292
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2135244
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2135247
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2135770
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136128
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136141
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136207
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2145205
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2145264
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2150011
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2151988
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2153260
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2153379
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2155291
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2155292
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2155295
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2169924
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2170431
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2172298
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2180528
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2180530
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2182182
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2182183
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2182188
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2182198
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2182788
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2187742
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2188542
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json