RHSA-2024:2707HighCVSS 9.1
Red Hat Security Advisory: Red Hat Build of Apache Camel security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-5685 — xnio: StackOverflowException when the chain of notifier states becomes problematically big CVE-2023-35116 — jackson-databind: denial of service via cylic dependencies CVE-2023-51074 — json-path: stack-based buffer overflow in Criteria.parse method CVE-2024-21733 — tomcat: Leaking of unrelated request bodies in default error page CVE-2024-29736 — apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter CVE-2024-32007 — apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2024:2707
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215214
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215229
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241822
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2256063
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2259204
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2707.json