RHSA-2026:33371HighCVSS 9.6

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update

Published
June 30, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2024-29371 — jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression CVE-2025-9784 — undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability CVE-2025-12543 — undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-15284 — qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-23184 — org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files CVE-2025-23368 — org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI CVE-2025-66412 — angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes CVE-2025-69873 — ajv: ReDoS via $data reference CVE-2026-1002 — io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files CVE-2026-24842 — node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

🔗 References (12)