First published: Tue Jun 27 2023
This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.

Security Fix(es):

- keycloak: path traversal via double URL encoding (CVE-2022-3782)
- jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
- protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
- protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
- json-pointer: prototype pollution in json-pointer (CVE-2022-4742)
- http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
- woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
- apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
- graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.