First published: Thu Dec 12 2024
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.

The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.

- serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
- send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
- org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
- org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)
- quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
- braces: fails to limit the number of characters it can handle (CVE-2024-4068)
- undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
- path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
- express: Improper Input Handling in Express Redirects (CVE-2024-43796)

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Build of Apache Camel | | |
The severity level of RHSA-2024:11023 is determined by the specific vulnerabilities addressed, which typically include potential security and stability risks.
To fix RHSA-2024:11023, you should update your Red Hat Build of Apache Camel to the latest version provided in the advisory.
RHSA-2024:11023 addresses vulnerabilities that may impact the security and performance of the Red Hat Build of Apache Camel.
The criticality of RHSA-2024:11023 for users depends on their specific deployment and usage of Red Hat Build of Apache Camel.
RHSA-2024:11023 includes enhancements aimed at improving the developer experience alongside addressing security and stability issues.