First published: Wed Oct 14 2020
This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
- keycloak: security headers missing on REST endpoints (CVE-2020-1728)
- keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
- hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

For more details about the security issues and their impact, the CVSS score, acknowledgments, and other related information, see the CVE pages listed in the References section.