Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:9023
HistoryDec 14, 2022 - 1:13 p.m.

(RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update

2022-12-1413:13:39
access.redhat.com
15

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON

This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug
fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

  • CVE-2022-4147 quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus

  • CVE-2022-4116 quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

  • CVE-2022-37734 graphql-java: DoS by malicious query

  • CVE-2022-3171 protobuf-java: timeout in parser leads to DoS

  • CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE

  • CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

  • CVE-2022-42004 jackson-databind: use of deeply nested arrays

  • CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 27
redhat 6
ibm 72
openvas 12
gentoo 2
mageia 1
debian 3
osv 15
cve 3
redhatcve 4
veracode 3
prion 4
github 2
fedora 2
oraclelinux 1
suse 2
alpinelinux 1
almalinux 1
wolfi 1
debiancve 1
cgr 1
freebsd 1
ubuntucve 1
rocky 1
redos 1
githubexploit 20
atlassian 4
rapid7blog 2
cnvd 1
f5 1
malwarebytes 1
zdt 1
wallarmlab 1
nessus
nessus
Oracle Primavera Gateway (Jan 2023 CPU)
2023-01-20 00:00:00
SUSE SLED15 / SLES15 Security Update : jackson-databind (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
redhat
redhat
(RHSA-2023:1006) Important: Red Hat build of Quarkus 2.7.7 release and security update
2023-03-08 14:51:11
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2023:0261) Critical: Satellite 6.12.1 Async Security Update
2023-01-18 14:49:14
ibm
ibm
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier
2022-10-27 15:18:21
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2022-12-14 01:45:31
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
2023-05-02 21:10:24
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
Apache Commons Text: Arbitrary Code Execution
2023-01-11 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
debian
debian
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DLA 3140-1] libpgjava security update
2022-10-08 01:00:06
osv
osv
jackson-databind - security update
2022-11-27 00:00:00
jackson-databind - security update
2022-11-17 00:00:00
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
2022-09-13 00:00:39
cve
cve
CVE-2022-37734
2022-09-12 14:15:00
CVE-2022-31197
2022-08-03 19:15:00
CVE-2022-42889
2022-10-13 13:15:00
redhatcve
redhatcve
CVE-2022-37734
2022-09-14 13:14:43
CVE-2022-31197
2022-09-23 18:18:48
CVE-2022-42004
2022-10-17 07:01:06
veracode
veracode
Denial Of Services (DoS)
2022-09-13 06:20:23
SQL Injection
2022-08-03 22:36:24
Arbitrary Code Execution
2022-10-14 18:57:11
prion
prion
Design/Logic Flaw
2022-09-12 14:15:00
Sql injection
2022-08-03 19:15:00
Code injection
2022-10-02 05:15:00
github
github
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
2022-09-13 00:00:39
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
2022-08-06 05:51:38
fedora
fedora
[SECURITY] Fedora 36 Update: postgresql-jdbc-42.3.1-4.fc36
2022-10-05 01:01:52
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.26-1.fc35
2022-10-05 01:04:52
oraclelinux
oraclelinux
postgresql-jdbc security update
2023-01-24 00:00:00
suse
suse
Security update for postgresql-jdbc (important)
2022-10-18 00:00:00
Security update for postgresql-jdbc (important)
2022-10-06 00:00:00
alpinelinux
alpinelinux
CVE-2022-31197
2022-08-03 19:15:00
almalinux
almalinux
Moderate: postgresql-jdbc security update
2023-01-23 00:00:00
wolfi
wolfi
CVE-2022-31197 vulnerabilities
2024-04-27 03:16:47
debiancve
debiancve
CVE-2022-31197
2022-08-03 19:15:00
cgr
cgr
CVE-2022-31197 vulnerabilities
2024-04-27 03:20:18
freebsd
freebsd
puppetdb -- Potential SQL injection
2022-08-03 00:00:00
ubuntucve
ubuntucve
CVE-2022-31197
2022-08-03 00:00:00
rocky
rocky
postgresql-jdbc security update
2023-01-23 14:30:09
redos
redos
ROS-20230922-01
2023-09-22 00:00:00
githubexploit
githubexploit
Exploit for Code Injection in Apache Commons Text
2023-04-21 08:06:26
Exploit for Code Injection in Apache Commons Text
2022-11-04 19:26:23
Exploit for Code Injection in Apache Commons Text
2022-11-05 14:08:18
atlassian
atlassian
Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)
2022-10-24 22:35:59
FasterXML Vulnerability in Bamboo Data Center and Server
2023-10-06 17:45:23
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26
rapid7blog
rapid7blog
Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)
2022-11-04 13:00:00
CVE-2022-42889: Keep Calm and Stop Saying "4Shell"
2022-10-17 20:36:16
cnvd
cnvd
Apache Commons Text remote code execution vulnerability
2022-10-14 00:00:00
f5
f5
K24823443 : Apache Commons Text vulnerability CVE-2022-42889
2022-10-19 00:00:00
malwarebytes
malwarebytes
Why Log4Text is not another Log4Shell
2022-10-19 19:00:00
zdt
zdt
Apache Commons Text 1.9 Remote Code Execution Exploit
2024-01-21 00:00:00
wallarmlab
wallarmlab
New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889
2022-10-18 05:02:38

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2022:9023
nessus27redhat6ibm72openvas12gentoo2mageia1debian3osv15cve3redhatcve4veracode3prion4github2fedora2oraclelinux1suse2alpinelinux1almalinux1wolfi1debiancve1cgr1freebsd1ubuntucve1rocky1redos1githubexploit20atlassian4rapid7blog2cnvd1f51malwarebytes1zdt1wallarmlab1