RHSA-2024:6883HighCVSS 9.1
Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.
🔗 CVE IDs covered (6)
📋 Description
CVE-2023-52428 — nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
CVE-2024-5971 — undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
CVE-2024-7885 — undertow: Improper State Management in Proxy Protocol parsing causes information leakage
CVE-2024-29736 — apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
CVE-2024-32007 — apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
CVE-2024-45294 — org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in org.hl7.fhir.core
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2024:6883
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2292211
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2298827
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2298828
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2305290
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2309764
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2310447
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6883.json