Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
🔗 CVE IDs covered (9)
📋 Description
- CVE-2021-46877 — jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
- CVE-2022-3509 — protobuf-java: Textformat parsing issue leads to DoS
- CVE-2022-3510 — protobuf-java: Message-Type Extensions parsing issue leads to DoS
- CVE-2022-3782 — keycloak: path traversal via double URL encoding
- CVE-2022-4742 — json-pointer: prototype pollution in json-pointer
- CVE-2022-25881 — http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
- CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
- CVE-2022-45787 — apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
- CVE-2023-28867 — graphql-java: crafted GraphQL query causes stack consumption
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2023:3815
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2134291
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2138971
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2156333
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2158916
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2165824
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2181977
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2184161
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2184176
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2185707
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3815.json