RHSA-2021:3207: Moderate: Red Hat Integration Camel Quarkus Tech-Preview 2 security update

First published: Wed Aug 18 2021(Updated: )

This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)</li> <li> californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)</li> <li> undertow: special character in query results in server errors (CVE-2020-27782)</li> <li> activemq: improper authentication allows MITM attack (CVE-2020-13920)</li> <li> flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)</li> <li> groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)</li> <li> kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)</li> <li> kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2021:3207
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness