First published: Wed Oct 14 2020
This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
- keycloak: security headers missing on REST endpoints (CVE-2020-1728)
- keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
- hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

For more details about the security issues and their impact, the CVSS score, acknowledgments, and other related information, see the CVE pages listed in the References section.
The severity of RHSA-2020:4252 is categorized as moderate due to the improper input validation vulnerabilities.
To fix RHSA-2020:4252, update to Red Hat build of Quarkus 1.7.5 or a later release that includes these fixes.
RHSA-2020:4252 affects the Red Hat build of Quarkus and its associated libraries, including hibernate-validator.
RHSA-2020:4252 addresses vulnerabilities including improper input validation in the interpolation of constraint error messages (hibernate-validator), missing buffer allocation limits in netty codecs, missing security headers and unsafe deserialization in keycloak, and SQL injection in Hibernate ORM.
Whether RHSA-2020:4252 is critical for your environment depends on your specific use of Quarkus and the potential impact of the vulnerabilities.