9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:N/A:C
0.802 High
EPSS
Percentile
98.3%
A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.
Security Fix(es):
hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)
jetty: request containing multiple Accept headers with a large number of “quality” parameters may lead to DoS (CVE-2020-27223)
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
mysql-connector-java: unauthorized access to critical (CVE-2021-2471)
lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)
undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)
jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)
jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)
xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)
resteasy: Error message exposes endpoint class information (CVE-2021-20289)
elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:N/A:C
0.802 High
EPSS
Percentile
98.3%