Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.
🔗 CVE IDs covered (16)
📋 Description
CVE-2023-51079 — mvel: TimeOut error when calling ParseTools.subCompileExpression() function CVE-2024-1023 — io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx CVE-2024-1300 — io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support CVE-2024-1597 — pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol CVE-2024-5971 — undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket CVE-2024-6162 — undertow: url-encoded request path information can be broken on ajp-listener CVE-2024-22201 — jetty: stop accepting new connections from valid clients CVE-2024-22234 — spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated CVE-2024-22257 — spring-security: Broken Access Control With Direct Use of AuthenticatedVoter CVE-2024-23081 — threetenbp: null pointer exception CVE-2024-29025 — netty-codec-http: Allocation of Resources Without Limits or Throttling CVE-2024-29857 — org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service CVE-2024-30171 — bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) CVE-2024-30172 — org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class CVE-2024-34447 — org.bouncycastle: Use of Incorrectly-Resolved Name or Reference
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2024:4884
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2256065
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260840
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2263139
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2266136
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2266523
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2274197
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2276360
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2292211
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2293025
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2293028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2293069
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4884.json