RHSA-2022:1297: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
- CVE-2021-44832: log4j-core: remote code execution via JDBC Appender
- CVE-2021-45046: log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
- CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
- CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
- CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
- CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log viewer