Lucene search

K
redhatRedHatRHSA-2024:1797
HistoryApr 22, 2024 - 10:57 a.m.

(RHSA-2024:1797) Important: Red Hat build of Quarkus 2.13.9.SP2 release and security update

2024-04-2210:57:23
access.redhat.com
9
red hat quarkus build
security update
bug fixes
enhancements
cve-2024-1597
cve-2024-25710
cve-2024-26308

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.1%

This release of Red Hat build of Quarkus 2.13.9.SP2 includes security updates,
bug fixes, and enhancements. For more information, see the release notes page
listed in the References section.

Security Fix(es):

  • CVE-2024-1597 org.postgresql/postgresql: pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE [quarkus-2]

  • CVE-2024-25710 org.apache.commons/commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file [quarkus-2]

  • CVE-2024-26308 org.apache.commons/commons-compress: OutOfMemoryError unpacking broken Pack200 file [quarkus-2]