First published: Mon Mar 29 2021
This release of Red Hat build of Quarkus 1.11.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

- cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)
- resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)
- fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
- resteasy: information disclosure via HTTP response reuse (CVE-2020-25724)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix
---|---|---
Red Hat Quarkus RESTEasy | |
The severity of RHSA-2021:1004 is classified as important due to the potential for template injection vulnerabilities.
To fix RHSA-2021:1004, it is recommended to update to the latest version of Red Hat build of Quarkus.
RHSA-2021:1004 specifically affects the Red Hat build of Quarkus version 1.11.6.
The security risks associated with RHSA-2021:1004 include the possibility of arbitrary code execution due to template injection.
There are no official workarounds for RHSA-2021:1004; the only resolution is to apply the provided security updates.