First published: Wed Dec 14 2022
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security fixes, bug fixes and enhancements. For more information, see the release notes listed in the References section.

Security Fix(es):

- reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)
- kubernetes-client: Insecure deserialization in the unmarshalYaml method (CVE-2021-4178)
- protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
- undertow: potential security issue in flow control over HTTP/2 may lead to DoS (incomplete fix for CVE-2021-3629) (CVE-2022-1259)
- undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
- spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat support for Spring Boot | 2.5.12 | Upgrade to Red Hat support for Spring Boot 2.7.2 |
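The advisory names the affected components but not the patched version of each individual library, so the practical first check is whether any of those components is in your build at all. The script below is an added example, not part of the Red Hat advisory or of Red Hat's tooling: it parses `mvn dependency:tree` output (a constructed sample is embedded, with illustrative versions that are not taken from the advisory), matches Maven artifactIds against the component names the advisory lists (an approximation: the bare name or the name followed by a `-suffix`), and reports the CVE identifiers the advisory attaches to each hit. It reports presence only; the remediation the advisory gives is moving to the Red Hat Spring Boot 2.7.2 release.

```python
"""Triage helper for this advisory: list the dependencies of a Maven build that
carry one of the components named in the advisory.

Added example, not part of the Red Hat advisory. Parses `mvn dependency:tree`
output and reports every dependency whose artifactId matches a listed component,
with the CVE ids the advisory attaches to it. Presence only: the page gives no
per-library fixed versions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Component names and CVE ids exactly as listed in the advisory. Matching is on
# the Maven artifactId: the name itself or the name followed by "-<suffix>", so
# "reactor-netty-http" and "undertow-core" are picked up as well (assumption).
ADVISORY_COMPONENTS: Dict[str, Tuple[str, ...]] = {
    "reactor-netty": ("CVE-2020-5404",),
    "kubernetes-client": ("CVE-2021-4178",),
    "protobuf-java": ("CVE-2021-22569",),
    "undertow": ("CVE-2022-1259", "CVE-2022-1319"),
    "spring-expression": ("CVE-2022-22950",),
}

# groupId:artifactId:type[:classifier]:version[:scope] as printed by the
# maven-dependency-plugin; the version is the first field that starts with a digit.
COORD_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+):"
    r"(?:(?P<classifier>[\w.\-]+):)?(?P<version>\d[\w.\-]*)"
    r"(?::(?P<scope>[a-z]+))?"
)


@dataclass(frozen=True)
class Dependency:
    group: str
    artifact: str
    version: str
    scope: str  # "" on the project's own root line, which carries no scope


@dataclass(frozen=True)
class Finding:
    dependency: Dependency
    cves: Tuple[str, ...]


def parse_dependency_tree(text: str) -> List[Dependency]:
    """Extract Maven coordinates from dependency:tree output; lines without a
    coordinate (plugin banners, blank lines) are skipped."""
    deps: List[Dependency] = []
    for line in text.splitlines():
        m = COORD_RE.search(line)
        if m:
            deps.append(Dependency(m["group"], m["artifact"], m["version"], m["scope"] or ""))
    return deps


def matching_component(artifact: str) -> Optional[str]:
    """Return the advisory component an artifactId belongs to, or None.
    A starter such as spring-boot-starter-undertow is not the library itself."""
    for name in ADVISORY_COMPONENTS:
        if artifact == name or artifact.startswith(name + "-"):
            return name
    return None


def find_advisory_components(deps: List[Dependency]) -> List[Finding]:
    findings: List[Finding] = []
    for dep in deps:
        name = matching_component(dep.artifact)
        if name is not None:
            findings.append(Finding(dep, ADVISORY_COMPONENTS[name]))
    return findings


def report(text: str) -> str:
    """Human-readable summary for a dependency:tree dump."""
    findings = find_advisory_components(parse_dependency_tree(text))
    if not findings:
        return "No component named in the advisory found in this build."
    lines = ["Components named in the advisory present in this build:"]
    for f in findings:
        d = f.dependency
        lines.append(f"  {d.group}:{d.artifact}:{d.version} ({d.scope or 'root'}) -> {', '.join(f.cves)}")
    lines.append("Remediation per the advisory: move to Red Hat support for Spring Boot 2.7.2.")
    return "\n".join(lines)


# Constructed sample of `mvn dependency:tree` output; versions are illustrative
# and are not taken from the advisory.
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ demo ---
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.5.12:compile
[INFO] |  +- org.springframework:spring-expression:jar:5.3.18:compile
[INFO] |  \- org.yaml:snakeyaml:jar:1.28:compile
[INFO] +- org.springframework.boot:spring-boot-starter-undertow:jar:2.5.12:compile
[INFO] |  \- io.undertow:undertow-core:jar:2.2.16.Final:compile
[INFO] +- io.projectreactor.netty:reactor-netty-http:jar:1.0.17:compile
[INFO] +- com.google.protobuf:protobuf-java:jar:3.19.1:compile
[INFO] \- io.fabric8:kubernetes-client:jar:5.4.1:test
"""

if __name__ == "__main__":
    print(report(SAMPLE_TREE))
```

Run it against a real dump with `mvn dependency:tree > tree.txt` and `report(open("tree.txt").read())`. Scope is carried through because a `test`-scoped hit (the constructed `kubernetes-client` line) does not ship in the container image and is prioritised differently from a `compile`-scoped one.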