RHSA-2024:4884HighCVSS 9.8

Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.

Published
July 25, 2024
Last Modified
June 30, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2023-51079 — mvel: TimeOut error when calling ParseTools.subCompileExpression() function CVE-2024-1023 — io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx CVE-2024-1300 — io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support CVE-2024-1597 — pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol CVE-2024-5971 — undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket CVE-2024-6162 — undertow: url-encoded request path information can be broken on ajp-listener CVE-2024-22201 — jetty: stop accepting new connections from valid clients CVE-2024-22234 — spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated CVE-2024-22257 — spring-security: Broken Access Control With Direct Use of AuthenticatedVoter CVE-2024-23081 — threetenbp: null pointer exception CVE-2024-29025 — netty-codec-http: Allocation of Resources Without Limits or Throttling CVE-2024-29857 — org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service CVE-2024-30171 — bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) CVE-2024-30172 — org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class CVE-2024-34447 — org.bouncycastle: Use of Incorrectly-Resolved Name or Reference

🔗 References (14)