CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
Red Hat build of Apache Camel 4.4.2 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
org.springframework/spring-expression: From NVD collector (CVE-2024-38808)
org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients (CVE-2024-5971)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.