First published: Wed Dec 14 2022(Updated: )
This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

* CVE-2022-4147 quarkus-vertx-http: Security misconfiguration of CORS: OWASP A05_2021 level in Quarkus
* CVE-2022-4116 quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
* CVE-2022-37734 graphql-java: DoS by malicious query
* CVE-2022-3171 protobuf-java: timeout in parser leads to DoS
* CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE
* CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
* CVE-2022-42004 jackson-databind: use of deeply nested arrays
* CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.