Lucene search

K
redhatRedHatRHSA-2023:5441
HistoryOct 04, 2023 - 11:28 a.m.

(RHSA-2023:5441) Moderate: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update

2023-10-0411:28:46
access.redhat.com
45
red hat integration
spring boot 4.0.0
security update
cve
vulnerabilities
errata
unix

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

EPSS

0.002

Percentile

62.2%

Red Hat Integration Camel for Spring Boot 4.0.0 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.

  • batik: Server-Side Request Forgery vulnerability (CVE-2022-44729)

  • batik: Server-Side Request Forgery vulnerability (CVE-2022-44730)

  • apache-ivy: XML External Entity vulnerability (CVE-2022-46751)

  • jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

  • jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

  • apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)

  • netty: io.netty:netty-handler: SniHandler 16MB allocation (CVE-2023-34462)

  • jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

EPSS

0.002

Percentile

62.2%