(RHSA-2022:1013) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update


Red Hat Integration - Camel Extensions for Quarkus 2.2.1 serves as a replacement for 2.2 and includes the following security fixes.

Security Fix(es):

* cron-utils: template injection leading to unauthenticated Remote Code Execution (CVE-2021-41269)
* maven: Block repositories using http by default (CVE-2021-26291)
* bouncycastle: Timing issue within the EC math library (CVE-2020-15522)
* mysql-connector-java: unauthorized access to critical (CVE-2021-2471)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* jersey: Local information disclosure via system temporary directory (CVE-2021-28168)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluated (CVE-2021-28170)
* mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.