Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:3550
HistoryJun 03, 2024 - 11:50 a.m.

(RHSA-2024:3550) Important: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.

2024-06-0311:50:58
access.redhat.com
2
hawtio
red hat
apache camel
security
stability
spring-security
nodejs-ip
jose4j
netty-codec-http
follow-redirects
access control
denial of service
resource allocation
credential leak

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.0%

JSON

HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.

The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.

  • spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (TRIAGE CVE-2024-22234)

  • nodejs-ip: arbitrary code execution via the isPublic() function (TRIAGE CVE-2023-42282)

  • jose4j: denial of service via specially crafted JWE (TRIAGE CVE-2023-51775)

  • netty-codec-http: Allocation of Resources Without Limits or Throttling (TRIAGE CVE-2024-29025)

  • follow-redirects: Possible credential leak (TRIAGE CVE-2024-28849)

Related

cvelist 6
ibm 73
nvd 6
cve 6
ubuntucve 5
prion 3
cnvd 1
veracode 5
github 6
cgr 4
fedora 1
cbl_mariner 4
redhatcve 6
osv 13
nessus 9
openvas 3
debiancve 5
wolfi 4
ubuntu 1
redhat 10
redos 1
oracle 1
cvelist
cvelist
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 07:02:50
CVE-2024-29025 Netty HttpPostRequestDecoder can OOM
2024-03-25 20:09:35
CVE-2024-28849 Proxy-Authorization header kept across hosts in follow-redirects
2024-03-14 17:07:27
ibm
ibm
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities
2024-04-12 15:48:59
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]
2024-04-23 14:07:14
Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).
2024-06-11 21:24:04
nvd
nvd
CVE-2024-22234
2024-02-20 07:15:09
CVE-2024-29025
2024-03-25 20:15:08
CVE-2023-51775
2024-02-29 01:42:05
cve
cve
CVE-2024-22234
2024-02-20 07:15:09
CVE-2024-28849
2024-03-14 17:15:52
CVE-2024-29025
2024-03-25 20:15:08
ubuntucve
ubuntucve
CVE-2024-29025
2024-03-25 00:00:00
CVE-2023-51775
2024-02-29 00:00:00
CVE-2023-42282
2024-02-09 00:00:00
prion
prion
Improper access control
2024-02-20 07:15:00
Design/Logic Flaw
2024-02-29 01:42:00
Design/Logic Flaw
2024-02-08 17:15:00
cnvd
cnvd
Access Control Error Vulnerability in Spring Security
2024-02-21 00:00:00
veracode
veracode
Broken Access Control
2024-02-21 06:57:47
Credential Leakage
2024-03-18 04:38:05
Denial Of Service (DoS)
2024-03-28 03:09:13
github
github
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 09:30:30
Netty's HttpPostRequestDecoder can OOM
2024-03-25 19:40:50
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
cgr
cgr
CVE-2024-28849 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29025 vulnerabilities
2024-05-19 03:07:16
CVE-2023-51775 vulnerabilities
2024-05-19 03:07:16
fedora
fedora
[SECURITY] Fedora 40 Update: pgadmin4-8.4-2.fc40
2024-03-23 00:52:38
cbl_mariner
cbl_mariner
CVE-2024-28849 affecting package reaper for versions less than 3.1.1-9
2024-06-06 19:53:22
CVE-2023-42282 affecting package nodejs18 for versions less than 18.18.2-4
2024-03-05 17:52:42
CVE-2023-42282 affecting package nodejs for versions less than 16.20.2-3
2024-03-05 17:52:42
redhatcve
redhatcve
CVE-2024-22234
2024-02-20 19:49:42
CVE-2024-28849
2024-03-14 18:39:56
CVE-2024-29025
2024-04-03 12:18:09
osv
osv
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 09:30:30
CVE-2024-29025
2024-03-25 20:15:08
Netty's HttpPostRequestDecoder can OOM
2024-03-25 19:40:50
nessus
nessus
Fedora 40 : pgadmin4 (2024-db558f6fb2)
2024-04-29 00:00:00
RHEL 6 : netty-codec-http (Unpatched Vulnerability)
2024-06-22 00:00:00
Debian dla-3834 : libnetty-java - security update
2024-06-22 00:00:00
openvas
openvas
Fedora: Security Advisory for pgadmin4 (FEDORA-2024-db558f6fb2)
2024-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1079-1)
2024-05-07 00:00:00
Ubuntu: Security Advisory (USN-6643-1)
2024-02-20 00:00:00
debiancve
debiancve
CVE-2024-29025
2024-03-25 20:15:08
CVE-2023-51775
2024-02-29 01:42:05
CVE-2024-28849
2024-03-14 17:15:52
wolfi
wolfi
CVE-2024-29025 vulnerabilities
2024-06-25 03:08:26
CVE-2023-51775 vulnerabilities
2024-05-29 03:07:31
CVE-2024-28849 vulnerabilities
2024-06-25 03:08:26
ubuntu
ubuntu
NPM IP vulnerability
2024-02-19 00:00:00
redhat
redhat
(RHSA-2024:2705) Moderate: Red Hat build of Quarkus 3.2.12 release and security update
2024-05-09 11:54:42
(RHSA-2024:2106) Moderate: Red Hat build of Quarkus 3.8.4 release
2024-05-07 16:19:27
(RHSA-2024:2834) Important: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.4.SP1)
2024-05-16 13:51:15
redos
redos
ROS-20240514-04
2024-05-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.0%

JSON
Related for RHSA-2024:3550
cvelist6ibm73nvd6cve6ubuntucve5prion3cnvd1veracode5github6cgr4fedora1cbl_mariner4redhatcve6osv13nessus9openvas3debiancve5wolfi4ubuntu1redhat10redos1oracle1