RHSA-2024:8064CriticalCVSS 8.8
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.
🔗 CVE IDs covered (6)
📋 Description
CVE-2023-52428 — nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
CVE-2024-7254 — protobuf: StackOverflow vulnerability in Protocol Buffers
CVE-2024-38809 — org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
CVE-2024-38816 — spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
CVE-2024-45294 — org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in org.hl7.fhir.core
CVE-2024-47561 — apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2024:8064
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2309764
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2310447
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2312060
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2314495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2316116
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8064.json