Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
🔗 CVE IDs covered (18)
📋 Description
CVE-2022-41678 — ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2023-5072 — JSON-java: parser confusion leads to OOM CVE-2023-6378 — logback: serialization vulnerability in logback receiver CVE-2023-6481 — logback: A serialization vulnerability in logback receiver CVE-2023-34055 — spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service CVE-2023-36478 — jetty: hpack header values cause denial of service in http/2 CVE-2023-36479 — jetty: Improper addition of quotation marks to user inputs in CgiServlet CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-40167 — jetty: Improper validation of HTTP/1 content-length CVE-2023-46589 — tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46749 — shiro: path traversal attack may lead to authentication bypass CVE-2023-50290 — Solr: Host environment variables are published via the Metrics API CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol CVE-2024-21733 — tomcat: Leaking of unrelated request bodies in default error page CVE-2024-22243 — springframework: URL Parsing with Host Validation CVE-2024-22257 — spring-security: Broken Access Control With Direct Use of AuthenticatedVoter CVE-2024-28752 — cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
🔗 References (18)
- selfhttps://access.redhat.com/errata/RHSA-2024:3354
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2209689
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239630
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239634
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242521
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243123
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2246417
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2251917
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2252050
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2252185
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2252230
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2252956
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258132
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258134
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2259204
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2265735
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3354.json