RHSA-2024:3919HighCVSS 8.1
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
🔗 CVE IDs covered (5)
📋 Description
CVE-2023-4639 — undertow: Cookie Smuggling/Spoofing CVE-2023-26364 — css-tools: Improper Input Validation causes Denial of Service via Regular Expression CVE-2023-36479 — jetty: Improper addition of quotation marks to user inputs in CgiServlet CVE-2023-48631 — css-tools: regular expression denial of service (ReDoS) when parsing CSS CVE-2024-1132 — keycloak: path transversal in redirection validation
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2024:3919
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2166022
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239630
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2250364
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2254559
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262117
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3919.json