RHSA-2023:4612HighCVSS 9.8
Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.13 security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2021-46877 — jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-31684 — reactor-netty-http: Log request headers in some cases of invalid HTTP requests CVE-2022-45143 — tomcat: JsonErrorReportValve injection CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close CVE-2023-20860 — springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern CVE-2023-20861 — springframework: Spring Expression DoS Vulnerability
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2023:4612
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.7/html/release_notes_for_spring_boot_2.7/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2141353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158695
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2174246
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2180528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2180530
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2185707
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4612.json