First published: Thu Jul 30 2020
This release of Red Hat build of Quarkus 1.3.4 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)
* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)

For more details about the security issues and their impact, the CVSS score, acknowledgments, and other related information, see the CVE pages listed in the References section.
The severity of RHSA-2020:3248 is classified as important.
RHSA-2020:3248 addresses an XML external entity (XXE) vulnerability in postgresql-jdbc.
To fix RHSA-2020:3248, you need to update the Red Hat build of Quarkus to version 1.3.4 SP1 or later.
The XML external entity vulnerability can lead to exposure of sensitive data or denial of service.
There are no specific workarounds for RHSA-2020:3248, so updating is the recommended action.