Lucene search

K
redhatRedHatRHSA-2023:7842
HistoryDec 14, 2023 - 10:48 a.m.

(RHSA-2023:7842) Important: Red Hat Integration Camel for Spring Boot 4.0.2 release security update

2023-12-1410:48:02
access.redhat.com
11
red hat integration
camel
spring boot
security fix
json-java
cve-2023-5072
cvss score
references

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

27.6%

Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

  • JSON-java: parser confusion leads to OOM (CVE-2023-5072)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

27.6%