Openshift Application Runtimes Security Vulnerabilities and Issues — Openshift Application Runtimes CVE List

Lucene search

RedhatOpenshift Application Runtimes

9 matches found

CVE•added 2019/11/08 3:15 p.m.•230 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01864EPSS

CVE•added 2020/05/26 4:15 p.m.•207 views

CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

6.5CVSS6AI score0.00167EPSS

CVE•added 2020/07/24 4:15 p.m.•160 views

CVE-2020-14297

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make...

6.5CVSS6.1AI score0.00384EPSS

CVE•added 2022/08/24 4:15 p.m.•140 views

CVE-2021-4178

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

6.7CVSS6.7AI score0.00069EPSS

CVE•added 2021/05/27 7:15 p.m.•137 views

CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

6.1CVSS5.7AI score0.00432EPSS

CVE•added 2020/07/24 4:15 p.m.•136 views

CVE-2020-14307

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft...

6.5CVSS6.1AI score0.00415EPSS

CVE•added 2020/11/02 9:15 p.m.•134 views

CVE-2020-25689

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue...

6.8CVSS6.1AI score0.00392EPSS

CVE•added 2020/10/16 2:15 p.m.•78 views

CVE-2020-14299

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user a...

6.5CVSS6.3AI score0.00096EPSS

CVE•added 2022/08/25 8:15 p.m.•65 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

6.1CVSS5.9AI score0.0026EPSS