First published: Thu Jun 29 2023 (Updated: )
This release of Red Hat build of Quarkus 2.13.8 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fixes:

- CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray [quarkus-2]
- CVE-2023-26053 gradle: usage of long IDs for PGP keys is unsafe and is subject to collision attacks [quarkus-2]
- CVE-2023-28867 graphql-java: crafted GraphQL query causes stack consumption [quarkus-2]
- CVE-2023-1584 quarkus-oidc: ID and access tokens leak via the authorization code flow [quarkus-2]
- CVE-2023-0482 RESTEasy: creation of insecure temp files [quarkus-2]
- CVE-2022-3782 keycloak: path traversal via double URL encoding [quarkus-2]
- CVE-2023-0481 io.quarkus-quarkus-parent: quarkus: insecure permissions on temp files [quarkus-2]
- CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider [quarkus-2]

For more information about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, see the CVE links listed in the References section.
Affected Software | Affected Version | How to fix
---|---|---
Red Hat Build of Quarkus | Builds prior to 2.13.8 | Update to Red Hat build of Quarkus 2.13.8
The RHSA-2023:3809 advisory addresses critical security vulnerabilities affecting the Red Hat build of Quarkus.
To fix RHSA-2023:3809, update to the latest version of Red Hat build of Quarkus as specified in the advisory.
RHSA-2023:3809 includes security fixes for CVE-2023-1436, which pertains to uncontrolled recursion in JSONArray.
RHSA-2023:3809 pertains to vulnerabilities present in specific builds of Quarkus prior to version 2.13.8.
The primary resolution for the issues in RHSA-2023:3809 is to apply the security updates as no effective workarounds are recommended.