RHSA-2021:3207: Red Hat Security Advisory: Red Hat Integration Camel Quarkus Tech-Preview 2 security update

An update to the Red Hat Integration Camel Quarkus tech preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)
  • californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)
  • undertow: special character in query results in server errors (CVE-2020-27782)
  • activemq: improper authentication allows MITM attack (CVE-2020-13920)
  • flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)
  • groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)
  • kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
  • kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related CVEs:
  • CVE-2020-13920: activemq: improper authentication allows MITM attack
  • CVE-2020-17518: apache-flink: directory traversal attack allows remote file writing through the REST API
  • CVE-2020-17521: groovy: OS temporary directory leads to information disclosure
  • CVE-2020-26238: cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
  • CVE-2020-27222: californium-core: DTLS - DoS vulnerability for certificate based handshakes
  • CVE-2020-27782: undertow: special character in query results in server errors
  • CVE-2020-29582: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
  • CVE-2021-20218: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
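Two of the fixes above (CVE-2020-17521 in groovy and CVE-2020-29582 in kotlin) share one root cause class: temporary files and folders created through the legacy java.io API, which places them in the shared system temp directory with permissions derived from the process umask, so other local users may be able to read them. The following is an added illustration of that contrast, written for this page; it is not code from the advisory or from the Groovy, Kotlin or Camel Quarkus projects. It assumes a POSIX file system (the permission query throws UnsupportedOperationException elsewhere) and relies on the documented behaviour that java.nio.file.Files creates temporary entries with owner-only access (0600 for files, 0700 for directories) regardless of umask.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added example (not project code): contrasts the legacy java.io temp-file API
// with java.nio.file.Files and checks the resulting permission bits.
public class TempFilePermissions {

    // Legacy pattern: File.createTempFile honours the process umask (commonly
    // 022 on Linux), so the file is typically created as 0644 and is readable
    // by every local user. Assumes the default umask for the sample output.
    static Path legacyTempFile() throws IOException {
        File f = File.createTempFile("demo-legacy-", ".tmp");
        return f.toPath();
    }

    // Hardened pattern: Files.createTempFile sets owner-only permissions
    // (rw-------) on POSIX file systems, independent of umask.
    static Path nioTempFile() throws IOException {
        return Files.createTempFile("demo-nio-", ".tmp");
    }

    // Same contrast for directories: Files.createTempDirectory yields rwx------.
    static Path nioTempDir() throws IOException {
        return Files.createTempDirectory("demo-nio-dir-");
    }

    // When a specific parent directory is required, pass the permissions
    // explicitly rather than relying on the defaults of that directory.
    static Path nioTempFileIn(Path parent) throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        return Files.createTempFile(parent, "demo-explicit-", ".tmp", ownerOnly);
    }

    // Returns true if any principal other than the owner can read the entry;
    // this is the check a reviewer would apply to temp-file handling code.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    public static void main(String[] args) throws IOException {
        Path legacy = legacyTempFile();
        Path nio = nioTempFile();
        Path dir = nioTempDir();
        Path explicit = nioTempFileIn(dir);
        try {
            for (Path p : new Path[] {legacy, nio, dir, explicit}) {
                System.out.printf("%s -> %s (readable by others: %b)%n",
                    p,
                    PosixFilePermissions.toString(Files.getPosixFilePermissions(p)),
                    readableByOthers(p));
            }
        } finally {
            // Clean up the sample entries; the explicit file sits inside dir.
            Files.deleteIfExists(explicit);
            Files.deleteIfExists(legacy);
            Files.deleteIfExists(nio);
            Files.deleteIfExists(dir);
        }
    }
}
```

Run with `java TempFilePermissions.java` on a Linux host: with the default umask the legacy file reports rw-r--r-- and readable by others: true, while the three NIO entries report owner-only bits and false. The check in readableByOthers is also a usable unit-test assertion for code that writes secrets or scripts to temporary locations.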
Red Hat Security Data