RHSA-2023:3641HighCVSS 9.8

Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release

Published
June 15, 2023
Last Modified
June 6, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-38749 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode CVE-2022-38750 — snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject CVE-2022-38751 — snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match CVE-2022-38752 — snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-40156 — xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-41854 — dev-java/snakeyaml: DoS via stack overflow CVE-2022-42003 — jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS CVE-2022-42004 — jackson-databind: use of deeply nested arrays CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability CVE-2022-46363 — CXF: directory listing / code exfiltration CVE-2022-46364 — CXF: SSRF Vulnerability CVE-2023-1370 — json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) CVE-2023-1436 — jettison: Uncontrolled Recursion in JSONArray CVE-2023-20883 — spring-boot: Spring Boot Welcome Page DoS Vulnerability

🔗 References (20)