Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:1006
HistoryMar 08, 2023 - 2:51 p.m.

(RHSA-2023:1006) Important: Red Hat build of Quarkus 2.7.7 release and security update

2023-03-0814:51:11
access.redhat.com
54

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON

This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug
fixes, and enhancements. For more information, see the release notes page listed
in the References section.

Security Fix(es):

*CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure [quarkus-2]

*CVE-2022-41946 jdbc-postgresql: postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k [quarkus-2]

*CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [quarkus-2.7]

*CVE-2022-42004 jackson-databind: use of deeply nested arrays [quarkus-2.7]

*CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [quarkus-2.7]

*CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE [quarkus-2.7]

*CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [quarkus-2]

*CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element’s hash values raising a stack overflow [quarkus-2.7]

*CVE-2022-3171 protobuf-java: timeout in parser leads to DoS [quarkus-2]

Related

nessus 38
redhat 12
ibm 58
gentoo 1
openvas 19
mageia 1
debian 6
osv 17
cve 3
fedora 3
oraclelinux 3
github 2
suse 2
prion 3
veracode 3
alpinelinux 2
redhatcve 3
almalinux 3
wolfi 1
debiancve 3
cgr 1
amazon 1
atlassian 1
ubuntucve 3
broadcom 1
freebsd 1
rocky 1
githubexploit 5
cnvd 1
f5 1
nessus
nessus
Oracle Primavera Gateway (Jan 2023 CPU)
2023-01-20 00:00:00
SUSE SLED15 / SLES15 Security Update : jackson-databind (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
redhat
redhat
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update
2022-12-14 13:13:39
(RHSA-2023:1177) Important: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update
2023-03-09 10:45:20
ibm
ibm
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier
2022-10-27 15:18:21
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2022-12-14 01:45:31
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2023-06-22 18:28:22
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
debian
debian
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DLA 3140-1] libpgjava security update
2022-10-08 01:00:06
osv
osv
jackson-databind - security update
2022-11-27 00:00:00
jackson-databind - security update
2022-11-17 00:00:00
BIT-postgresql-jdbc-driver-2022-31197
2024-03-06 11:02:11
cve
cve
CVE-2022-31197
2022-08-03 19:15:00
CVE-2022-41966
2022-12-28 00:15:00
CVE-2022-41946
2022-11-23 20:15:00
fedora
fedora
[SECURITY] Fedora 36 Update: postgresql-jdbc-42.3.1-4.fc36
2022-10-05 01:01:52
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.26-1.fc35
2022-10-05 01:04:52
[SECURITY] Fedora 37 Update: postgresql-jdbc-42.4.3-1.fc37
2023-01-13 01:32:00
oraclelinux
oraclelinux
postgresql-jdbc security update
2023-01-24 00:00:00
postgresql-jdbc security update
2023-05-15 00:00:00
postgresql-jdbc security update
2023-05-24 00:00:00
github
github
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
2022-08-06 05:51:38
XStream can cause Denial of Service via stack overflow
2022-12-29 01:48:08
suse
suse
Security update for postgresql-jdbc (important)
2022-10-18 00:00:00
Security update for postgresql-jdbc (important)
2022-10-06 00:00:00
prion
prion
Stack overflow
2022-12-28 00:15:00
Sql injection
2022-08-03 19:15:00
Information disclosure
2022-11-23 20:15:00
veracode
veracode
SQL Injection
2022-08-03 22:36:24
Denial Of Service(DoS)
2022-12-28 07:50:53
Information Disclosure
2022-11-24 07:01:27
alpinelinux
alpinelinux
CVE-2022-31197
2022-08-03 19:15:00
CVE-2022-41946
2022-11-23 20:15:00
redhatcve
redhatcve
CVE-2022-31197
2022-09-23 18:18:48
CVE-2022-41946
2022-12-14 14:35:37
CVE-2022-41966
2023-02-16 11:56:06
almalinux
almalinux
Moderate: postgresql-jdbc security update
2023-01-23 00:00:00
Moderate: postgresql-jdbc security update
2023-05-09 00:00:00
Moderate: postgresql-jdbc security update
2023-05-16 00:00:00
wolfi
wolfi
CVE-2022-31197 vulnerabilities
2024-04-27 03:16:47
debiancve
debiancve
CVE-2022-31197
2022-08-03 19:15:00
CVE-2022-41966
2022-12-28 00:15:00
CVE-2022-41946
2022-11-23 20:15:00
cgr
cgr
CVE-2022-31197 vulnerabilities
2024-04-27 03:20:18
amazon
amazon
Important: xstream
2023-03-30 18:56:00
atlassian
atlassian
Upgrade Postgres for CVE-2022-41946
2023-03-23 22:26:31
ubuntucve
ubuntucve
CVE-2022-41946
2022-11-23 00:00:00
CVE-2022-41966
2022-12-28 00:00:00
CVE-2022-31197
2022-08-03 00:00:00
broadcom
broadcom
Vulnerable postgresql component found in SANnav RPM package
2023-08-29 00:00:00
freebsd
freebsd
puppetdb -- Potential SQL injection
2022-08-03 00:00:00
rocky
rocky
postgresql-jdbc security update
2023-01-23 14:30:09
githubexploit
githubexploit
Exploit for Uncontrolled Recursion in Xstream Project Xstream
2023-01-06 02:37:07
Exploit for Code Injection in Apache Commons Text
2022-10-18 19:37:40
Exploit for Code Injection in Apache Commons Text
2022-10-18 09:58:00
cnvd
cnvd
PostgreSQL JDBC Drive Information Disclosure Vulnerability
2022-11-25 00:00:00
f5
f5
K24823443 : Apache Commons Text vulnerability CVE-2022-42889
2022-10-19 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2023:1006
nessus38redhat12ibm58gentoo1openvas19mageia1debian6osv17cve3fedora3oraclelinux3github2suse2prion3veracode3alpinelinux2redhatcve3almalinux3wolfi1debiancve3cgr1amazon1atlassian1ubuntucve3broadcom1freebsd1rocky1githubexploit5cnvd1f51