RHSA-2024:3354HighCVSS 9.8

Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Published
May 23, 2024
Last Modified
June 30, 2026

🔗 CVE IDs covered (18)

📋 Description

CVE-2022-41678 — ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2023-5072 — JSON-java: parser confusion leads to OOM CVE-2023-6378 — logback: serialization vulnerability in logback receiver CVE-2023-6481 — logback: A serialization vulnerability in logback receiver CVE-2023-34055 — spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service CVE-2023-36478 — jetty: hpack header values cause denial of service in http/2 CVE-2023-36479 — jetty: Improper addition of quotation marks to user inputs in CgiServlet CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-40167 — jetty: Improper validation of HTTP/1 content-length CVE-2023-46589 — tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46749 — shiro: path traversal attack may lead to authentication bypass CVE-2023-50290 — Solr: Host environment variables are published via the Metrics API CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol CVE-2024-21733 — tomcat: Leaking of unrelated request bodies in default error page CVE-2024-22243 — springframework: URL Parsing with Host Validation CVE-2024-22257 — spring-security: Broken Access Control With Direct Use of AuthenticatedVoter CVE-2024-28752 — cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding

🔗 References (18)