Lucene search

K
redhatRedHatRHSA-2022:0589
HistoryFeb 21, 2022 - 6:18 p.m.

(RHSA-2022:0589) Moderate: Red Hat build of Quarkus 2.2.5 release and security update

2022-02-2118:18:19
access.redhat.com
35

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

0.041 Low

EPSS

Percentile

91.9%

This release of Red Hat build of Quarkus 2.2.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

  • kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)

  • kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • jakarta.el: jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

  • netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)

  • netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

  • mysql-connector-java: unauthorized access to critical (CVE-2021-2471)

  • cron-utils: template Injection leading to unauthenticated Remote Code Execution(CVE-2021-41269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

0.041 Low

EPSS

Percentile

91.9%