Red Hat Security Advisory 2018-2405-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Security fix: undertow: Client can use bogus uri in Digest authentication spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code Issues addressed include bypass, deserialization, and file disclosure vulnerabilities.
22636c0c9a281b66fbd3d47e07d655863a099b143f205af9a4652c4f6965646b
Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability.
d1731be7e3c13eb181dffc18934b90d84ba2b0e795604b2cfbfe2829c85a1b0b