CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
92.3%
This release of Red Hat build of Quarkus 2.2.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.
Security Fix(es):
kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)
kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
jakarta.el: jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
netty-codec: Bzip2Decoder doesnât allow setting size restrictions for decompressed data (CVE-2021-37136)
netty-codec: SnappyFrameDecoder doesnât restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
mysql-connector-java: unauthorized access to critical (CVE-2021-2471)
cron-utils: template Injection leading to unauthenticated Remote Code Execution(CVE-2021-41269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
92.3%