RHSA-2024:3920HighCVSS 7.4
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
🔗 CVE IDs covered (5)
📋 Description
CVE-2023-45857 — axios: exposure of confidential data stored in cookies CVE-2024-28849 — follow-redirects: Possible credential leak CVE-2024-29131 — commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() CVE-2024-29133 — commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree CVE-2024-29180 — webpack-dev-middleware: lack of URL validation may lead to file leak
🔗 References (5)
- selfhttps://access.redhat.com/errata/RHSA-2024:3920
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions
- externalhttps://issues.redhat.com/browse/WINDUPRULE-1049
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3920.json