First published: Thu Dec 12 2024
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.

The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.

- serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
- send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
- org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
- org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)
- quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
- braces: fails to limit the number of characters it can handle (CVE-2024-4068)
- undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
- path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
- express: Improper Input Handling in Express Redirects (CVE-2024-43796)

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Red Hat Build of Apache Camel | | |