First published: Thu Dec 08 2022(Updated: )
Openshift Logging Bug Fix Release (5.3.14)<br>Security Fixe(s):<br><li> jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)</li> <li> jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)</li> <li> jackson-databind: use of deeply nested arrays (CVE-2022-42004)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2022:8889 is addressed through critical security fixes related to denial of service vulnerabilities.
To fix RHSA-2022:8889, update your OpenShift Logging to the specified version provided in the advisory.
RHSA-2022:8889 addresses vulnerabilities including CVE-2020-36518 and CVE-2022-42003 related to jackson-databind.
RHSA-2022:8889 affects specific versions of OpenShift Logging, particularly those prior to the patch release.
Yes, immediate action is recommended to mitigate the denial of service vulnerabilities outlined in RHSA-2022:8889.