Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
🔗 CVE IDs covered (16)
📋 Description
CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-38749 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode CVE-2022-38750 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject CVE-2022-38751 — snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match CVE-2022-38752 — snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-40156 — xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-41854 — dev-java/snakeyaml: DoS via stack overflow CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability CVE-2022-46363 — CXF: directory listing / code exfiltration CVE-2022-46364 — CXF: SSRF Vulnerability CVE-2023-1370 — json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) CVE-2023-1436 — jettison: Uncontrolled Recursion in JSONArray CVE-2023-20883 — spring-boot: Spring Boot Welcome Page DoS Vulnerability
🔗 References (20)
- selfhttps://access.redhat.com/errata/RHSA-2023:3641
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129706
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129707
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129709
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129710
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134288
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135244
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135247
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2145194
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2151988
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2155681
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2155682
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182788
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2188542
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2209342
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3641.json