RHSA-2024:7052HighCVSS 8.6
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)
🔗 CVE IDs covered (5)
📋 Description
CVE-2024-8391 — io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size
CVE-2024-32007 — apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
CVE-2024-35255 — azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
CVE-2024-41172 — apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
CVE-2024-45294 — org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in org.hl7.fhir.core
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2024:7052
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/security/cve/CVE-2024-45294
- externalhttps://access.redhat.com/security/cve/CVE-2024-8391
- externalhttps://access.redhat.com/security/cve/CVE-2024-32007
- externalhttps://access.redhat.com/security/cve/CVE-2024-41172
- externalhttps://access.redhat.com/security/cve/CVE-2024-35255
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2295081
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2298828
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2298829
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2309758
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2310447
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7052.json