RHSA-2023:4612HighCVSS 9.8

Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.13 security update

Published
August 16, 2023
Last Modified
June 6, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2021-46877 — jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-31684 — reactor-netty-http: Log request headers in some cases of invalid HTTP requests CVE-2022-45143 — tomcat: JsonErrorReportValve injection CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close CVE-2023-20860 — springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern CVE-2023-20861 — springframework: Spring Expression DoS Vulnerability

🔗 References (11)