
Red Hat Security Advisory 2023-2100-01

Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2100-01 - This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass, code execution, cross site scripting, denial of service, man-in-the-middle, memory exhaustion, resource exhaustion, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2021-37533, CVE-2022-25857, CVE-2022-31777, CVE-2022-33681, CVE-2022-37865, CVE-2022-37866, CVE-2022-38398, CVE-2022-38648, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-39368, CVE-2022-40146
SHA-256 | 1bb832bf7ada06ee62e5e890aaaa9e8555545e8a79873bfe81eac208c4eb6165

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Advisory ID: RHSA-2023:2100-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2100
Issue date: 2023-05-03
CVE Names: CVE-2021-37533 CVE-2022-4492 CVE-2022-25857
CVE-2022-31777 CVE-2022-33681 CVE-2022-37865
CVE-2022-37866 CVE-2022-38398 CVE-2022-38648
CVE-2022-38749 CVE-2022-38750 CVE-2022-38751
CVE-2022-38752 CVE-2022-39368 CVE-2022-40146
CVE-2022-40150 CVE-2022-40151 CVE-2022-40152
CVE-2022-40156 CVE-2022-41704 CVE-2022-41852
CVE-2022-41853 CVE-2022-41854 CVE-2022-41881
CVE-2022-41966 CVE-2022-42003 CVE-2022-42004
CVE-2022-42890 CVE-2023-1370 CVE-2023-1436
CVE-2023-20860 CVE-2023-20861 CVE-2023-20863
CVE-2023-22602 CVE-2023-24998
=====================================================================

1. Summary:

Red Hat Integration Camel for Spring Boot 3.20.1 release and security
update is now available.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

This release of Camel for Spring Boot 3.20.1 serves as a replacement for
Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which
are documented in the Release Notes document linked in the References.

The purpose of this text-only errata is to inform you about the security
issues fixed.

Security Fix(es):

* snakeyaml: Denial of Service due to missing nested depth limitation for
collections (CVE-2022-25857)

* JXPath: untrusted XPath expressions may lead to RCE attack
(CVE-2022-41852)

* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

* xstream: Denial of Service by injecting recursive collections or maps
based on element's hash values raising a stack overflow (CVE-2022-41966)

* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
(CVE-2023-20860)

* apache-commons-net: FTP client trusts the host from PASV response by
default (CVE-2021-37533)

* undertow: Server identity in https connection is not checked by the
undertow client (CVE-2022-4492)

* apache-spark: XSS vulnerability in log viewer UI Javascript
(CVE-2022-31777)

* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy
can expose authentication data via MITM (CVE-2022-33681)

* apache-ivy: Directory Traversal (CVE-2022-37865)

* Apache Ivy: Ivy Path traversal (CVE-2022-37866)

* batik: Server-Side Request Forgery (CVE-2022-38398)

* batik: Server-Side Request Forgery (CVE-2022-38648)

* snakeyaml: Uncaught exception in
org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)

* snakeyaml: Uncaught exception in
org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
(CVE-2022-38750)

* snakeyaml: Uncaught exception in
java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)

* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
(CVE-2022-38752)

* scandium: Failing DTLS handshakes may cause throttling to block
processing of records (CVE-2022-39368)

* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)

* xstream: Xstream to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40151)

* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)

* xstream: Xstream to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40156)

* batik: Apache XML Graphics Batik vulnerable to code execution via SVG
(CVE-2022-41704)

* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
(CVE-2022-41881)

* jackson-databind: deep wrapper array nesting wrt
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

* batik: Untrusted code execution in Apache XML Graphics Batik
(CVE-2022-42890)

* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

* shiro: Authentication bypass through a specially crafted HTTP request
(CVE-2023-22602)

* Apache Commons FileUpload: FileUpload DoS with excessive parts
(CVE-2023-24998)

* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)

* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)

* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart
(Resource Exhaustion) (CVE-2023-1370)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
2134288 - CVE-2022-40156 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2136128 - CVE-2022-41852 JXPath: untrusted XPath expressions may lead to RCE attack
2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack
2136207 - CVE-2022-33681 Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
2145205 - CVE-2022-39368 scandium: Failing DTLS handshakes may cause throttling to block processing of records
2145264 - CVE-2022-31777 apache-spark: XSS vulnerability in log viewer UI Javascript
2150011 - CVE-2022-37866 Apache Ivy: Ivy Path traversal
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2155291 - CVE-2022-40146 batik: Server-Side Request Forgery (SSRF) vulnerability
2155292 - CVE-2022-38398 batik: Server-Side Request Forgery
2155295 - CVE-2022-38648 batik: Server-Side Request Forgery
2169924 - CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts
2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
2180530 - CVE-2023-20861 springframework: Spring Expression DoS Vulnerability
2182182 - CVE-2022-41704 batik: Apache XML Graphics Batik vulnerable to code execution via SVG
2182183 - CVE-2022-42890 batik: Untrusted code execution in Apache XML Graphics Batik
2182188 - CVE-2022-37865 apache-ivy: Directory Traversal
2182198 - CVE-2023-22602 shiro: Authentication bypass through a specially crafted HTTP request
2182788 - CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
2187742 - CVE-2023-20863 springframework: Spring Expression DoS Vulnerability
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

5. References:

https://access.redhat.com/security/cve/CVE-2021-37533
https://access.redhat.com/security/cve/CVE-2022-4492
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/cve/CVE-2022-31777
https://access.redhat.com/security/cve/CVE-2022-33681
https://access.redhat.com/security/cve/CVE-2022-37865
https://access.redhat.com/security/cve/CVE-2022-37866
https://access.redhat.com/security/cve/CVE-2022-38398
https://access.redhat.com/security/cve/CVE-2022-38648
https://access.redhat.com/security/cve/CVE-2022-38749
https://access.redhat.com/security/cve/CVE-2022-38750
https://access.redhat.com/security/cve/CVE-2022-38751
https://access.redhat.com/security/cve/CVE-2022-38752
https://access.redhat.com/security/cve/CVE-2022-39368
https://access.redhat.com/security/cve/CVE-2022-40146
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-40151
https://access.redhat.com/security/cve/CVE-2022-40152
https://access.redhat.com/security/cve/CVE-2022-40156
https://access.redhat.com/security/cve/CVE-2022-41704
https://access.redhat.com/security/cve/CVE-2022-41852
https://access.redhat.com/security/cve/CVE-2022-41853
https://access.redhat.com/security/cve/CVE-2022-41854
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2022-41966
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-42890
https://access.redhat.com/security/cve/CVE-2023-1370
https://access.redhat.com/security/cve/CVE-2023-1436
https://access.redhat.com/security/cve/CVE-2023-20860
https://access.redhat.com/security/cve/CVE-2023-20861
https://access.redhat.com/security/cve/CVE-2023-20863
https://access.redhat.com/security/cve/CVE-2023-22602
https://access.redhat.com/security/cve/CVE-2023-24998
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
