Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-42889 (GCVE-0-2022-42889)
Vulnerability from cvelistv5 – Published: 2022-10-13 00:00 – Updated: 2024-11-20 16:19
VLAI
EPSS
Title
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
Summary
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Severity
No CVSS data available.
CWE
- Unexpected variable interpolation
Assigner
References
9 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Commons Text |
Affected:
unspecified , ≤ 1.9
(custom)
Affected: 1.5 , < Apache Commons Text* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"name": "[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221020-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"name": "GLSA-202301-05",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"name": "20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T16:22:10.690380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:19:41.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Text",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "Apache Commons Text*",
"status": "affected",
"version": "1.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default."
}
],
"metrics": [
{
"other": {
"content": {
"other": "important"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unexpected variable interpolation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T16:06:47.362Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"name": "[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221020-0004/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"name": "GLSA-202301-05",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"name": "20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to Apache Commons Text 1.10.0."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-42889",
"datePublished": "2022-10-13T00:00:00.000Z",
"dateReserved": "2022-10-12T00:00:00.000Z",
"dateUpdated": "2024-11-20T16:19:41.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-42889",
"date": "2026-05-29",
"epss": "0.94251",
"percentile": "0.99933"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-42889\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-10-13T13:15:10.113\",\"lastModified\":\"2024-11-21T07:25:32.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \\\"${prefix:name}\\\", where \\\"prefix\\\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \\\"script\\\" - execute expressions using the JVM script execution engine (javax.script) - \\\"dns\\\" - resolve dns records - \\\"url\\\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.\"},{\"lang\":\"es\",\"value\":\"Apache Commons Text lleva a cabo una interpolaci\u00f3n de variables, permitiendo que las propiedades sean evaluadas y expandidas din\u00e1micamente. El formato est\u00e1ndar para la interpolaci\u00f3n es \\\"${prefix:name}\\\", donde \\\"prefix\\\" es usado para localizar una instancia de org.apache.commons.text.lookup.StringLookup que lleva a cabo la interpolaci\u00f3n. A partir de la versi\u00f3n 1.5 y hasta 1.9, el conjunto de instancias de Lookup por defecto inclu\u00eda interpoladores que pod\u00edan dar lugar a una ejecuci\u00f3n de c\u00f3digo arbitrario o al contacto con servidores remotos. Estos lookups son: - \\\"script\\\" - ejecuta expresiones usando el motor de ejecuci\u00f3n de scripts de la JVM (javax.script) - \\\"dns\\\" - resuelve registros dns - \\\"url\\\" - carga valores de urls, incluso de servidores remotos Las aplicaciones usando los interpoladores por defecto en las versiones afectadas pueden ser vulnerables a una ejecuci\u00f3n de c\u00f3digo remota o al contacto involuntario con servidores remotos si son usados valores de configuraci\u00f3n que no son confiables. Es recomendado a usuarios actualizar a Apache Commons Text versi\u00f3n 1.10.0, que deshabilita los interpoladores problem\u00e1ticos por defecto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_text:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5\",\"versionEndExcluding\":\"1.10.0\",\"matchCriteriaId\":\"F52B385F-442F-4587-B680-DD74CC525D27\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1AE8BD-EE3F-494C-9F03-D4B2B7233106\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:security_threat_response_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.5.0\",\"matchCriteriaId\":\"334BA50E-637D-42E7-AD73-BC13498D79D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5745211-E47A-481B-928F-B56013DAC19C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B716977-E015-4628-854B-5828FC3DC150\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2:*:*:*:*:*:*\",\"matchCriteriaId\":\"22F53DC6-084C-4C06-9A5C-550511E5CC58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3:*:*:*:*:*:*\",\"matchCriteriaId\":\"41FFF517-DCAC-4CF1-A6D7-29828B037245\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F62545-4393-4FD6-9EF4-3516E8835F58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBF05B6A-B4F6-4F7A-927E-106A8C1E8ED7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa3800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421FD233-CA15-4207-8690-6A1C4C23BDB8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa5500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08C686CC-C971-4891-B8F9-9BE4C09B1160\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9075ED11-DD7E-49E2-90F5-50ACFCD2F4A4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa7500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57A506DE-88CE-45C9-A41A-9B5B4E62F36C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:jsa7800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFBD1EF-96B1-475E-896A-4000463FEA0A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Feb/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/13/4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/18/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202301-05\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221020-0004/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Feb/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/18/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202301-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221020-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/13/4\", \"name\": \"[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/18/1\", \"name\": \"[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221020-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202301-05\", \"name\": \"GLSA-202301-05\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Feb/3\", \"name\": \"20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:19:05.212Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42889\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-24T16:22:10.690380Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-20T16:19:24.000Z\"}}], \"cna\": {\"title\": \"Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"other\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons Text\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.9\"}, {\"status\": \"affected\", \"version\": \"1.5\", \"lessThan\": \"Apache Commons Text*\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/13/4\", \"name\": \"[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/18/1\", \"name\": \"[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221020-0004/\"}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022\"}, {\"url\": \"https://security.gentoo.org/glsa/202301-05\", \"name\": \"GLSA-202301-05\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Feb/3\", \"name\": \"20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html\"}, {\"url\": \"http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Upgrade to Apache Commons Text 1.10.0.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \\\"${prefix:name}\\\", where \\\"prefix\\\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \\\"script\\\" - execute expressions using the JVM script execution engine (javax.script) - \\\"dns\\\" - resolve dns records - \\\"url\\\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Unexpected variable interpolation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-01-19T16:06:47.362Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-42889\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-20T16:19:41.416Z\", \"dateReserved\": \"2022-10-12T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2022-10-13T00:00:00.000Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0585
Vulnerability from certfr_avis - Published: 2025-07-11 - Updated: 2025-07-11
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-25317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2020-12413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2015-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2017-1000383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2025-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2023-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"initial_release_date": "2025-07-11T00:00:00",
"last_revision_date": "2025-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
}
]
}
cleanstart-2026-ia43044
Vulnerability from cleanstart
Published
2026-04-01 09:30
Modified
2026-03-23 07:56
Summary
Security fixes for CVE-2020-8908, CVE-2022-42889, CVE-2023-2976, CVE-2024-25710, CVE-2024-26308, CVE-2024-29371, CVE-2024-29857, CVE-2024-30171, CVE-2024-31573, CVE-2024-47554, CVE-2025-11143, CVE-2025-12383, CVE-2025-48734, CVE-2025-48924, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.47.0-r2, 0.47.0-r3
Details
Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "strimzi-kafka-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.47.0-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-IA43044",
"modified": "2026-03-23T07:56:09Z",
"published": "2026-04-01T09:30:15.088429Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-IA43044.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42889"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29371"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29857"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-30171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31573"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-12383"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31573"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12383"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1605"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2020-8908, CVE-2022-42889, CVE-2023-2976, CVE-2024-25710, CVE-2024-26308, CVE-2024-29371, CVE-2024-29857, CVE-2024-30171, CVE-2024-31573, CVE-2024-47554, CVE-2025-11143, CVE-2025-12383, CVE-2025-48734, CVE-2025-48924, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.47.0-r2, 0.47.0-r3",
"upstream": [
"CVE-2020-8908",
"CVE-2022-42889",
"CVE-2023-2976",
"CVE-2024-25710",
"CVE-2024-26308",
"CVE-2024-29371",
"CVE-2024-29857",
"CVE-2024-30171",
"CVE-2024-31573",
"CVE-2024-47554",
"CVE-2025-11143",
"CVE-2025-12383",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-58057",
"CVE-2025-67735",
"CVE-2025-68161",
"CVE-2025-8916",
"CVE-2026-1002",
"CVE-2026-1605",
"ghsa-72hv-8253-57qq"
]
}
FKIE_CVE-2022-42889
Vulnerability from fkie_nvd - Published: 2022-10-13 13:15 - Updated: 2024-11-21 07:25
Severity
Summary
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html | Third Party Advisory, VDB Entry | |
| security@apache.org | http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html | ||
| security@apache.org | http://seclists.org/fulldisclosure/2023/Feb/3 | Mailing List, Third Party Advisory | |
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/10/13/4 | Mailing List, Third Party Advisory | |
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/10/18/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om | Mailing List, Vendor Advisory | |
| security@apache.org | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022 | Third Party Advisory | |
| security@apache.org | https://security.gentoo.org/glsa/202301-05 | Third Party Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20221020-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Feb/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/10/13/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/10/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202301-05 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221020-0004/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | commons_text | * | |
| netapp | bluexp | - | |
| juniper | security_threat_response_manager | * | |
| juniper | security_threat_response_manager | 7.5.0 | |
| juniper | security_threat_response_manager | 7.5.0 | |
| juniper | security_threat_response_manager | 7.5.0 | |
| juniper | security_threat_response_manager | 7.5.0 | |
| juniper | jsa1500 | - | |
| juniper | jsa3500 | - | |
| juniper | jsa3800 | - | |
| juniper | jsa5500 | - | |
| juniper | jsa5800 | - | |
| juniper | jsa7500 | - | |
| juniper | jsa7800 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:commons_text:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F52B385F-442F-4587-B680-DD74CC525D27",
"versionEndExcluding": "1.10.0",
"versionStartIncluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BA50E-637D-42E7-AD73-BC13498D79D0",
"versionEndExcluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F5745211-E47A-481B-928F-B56013DAC19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1:*:*:*:*:*:*",
"matchCriteriaId": "1B716977-E015-4628-854B-5828FC3DC150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2:*:*:*:*:*:*",
"matchCriteriaId": "22F53DC6-084C-4C06-9A5C-550511E5CC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3:*:*:*:*:*:*",
"matchCriteriaId": "41FFF517-DCAC-4CF1-A6D7-29828B037245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:jsa1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F62545-4393-4FD6-9EF4-3516E8835F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF05B6A-B4F6-4F7A-927E-106A8C1E8ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "421FD233-CA15-4207-8690-6A1C4C23BDB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08C686CC-C971-4891-B8F9-9BE4C09B1160",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9075ED11-DD7E-49E2-90F5-50ACFCD2F4A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A506DE-88CE-45C9-A41A-9B5B4E62F36C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFBD1EF-96B1-475E-896A-4000463FEA0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default."
},
{
"lang": "es",
"value": "Apache Commons Text lleva a cabo una interpolaci\u00f3n de variables, permitiendo que las propiedades sean evaluadas y expandidas din\u00e1micamente. El formato est\u00e1ndar para la interpolaci\u00f3n es \"${prefix:name}\", donde \"prefix\" es usado para localizar una instancia de org.apache.commons.text.lookup.StringLookup que lleva a cabo la interpolaci\u00f3n. A partir de la versi\u00f3n 1.5 y hasta 1.9, el conjunto de instancias de Lookup por defecto inclu\u00eda interpoladores que pod\u00edan dar lugar a una ejecuci\u00f3n de c\u00f3digo arbitrario o al contacto con servidores remotos. Estos lookups son: - \"script\" - ejecuta expresiones usando el motor de ejecuci\u00f3n de scripts de la JVM (javax.script) - \"dns\" - resuelve registros dns - \"url\" - carga valores de urls, incluso de servidores remotos Las aplicaciones usando los interpoladores por defecto en las versiones afectadas pueden ser vulnerables a una ejecuci\u00f3n de c\u00f3digo remota o al contacto involuntario con servidores remotos si son usados valores de configuraci\u00f3n que no son confiables. Es recomendado a usuarios actualizar a Apache Commons Text versi\u00f3n 1.10.0, que deshabilita los interpoladores problem\u00e1ticos por defecto"
}
],
"id": "CVE-2022-42889",
"lastModified": "2024-11-21T07:25:32.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-13T13:15:10.113",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"source": "security@apache.org",
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221020-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221020-0004/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-599F-7C49-W659
Vulnerability from github – Published: 2022-10-13 19:00 – Updated: 2022-10-17 17:34
VLAI
Summary
Arbitrary code execution in Apache Commons Text
Details
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Severity
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-text"
},
"ranges": [
{
"events": [
{
"introduced": "1.5"
},
{
"fixed": "1.10.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.guicedee.services:commons-text"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.2.1-jre17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-42889"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-13T20:22:17Z",
"nvd_published_at": "2022-10-13T13:15:00Z",
"severity": "CRITICAL"
},
"details": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",
"id": "GHSA-599f-7c49-w659",
"modified": "2022-10-17T17:34:05Z",
"published": "2022-10-13T19:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"type": "WEB",
"url": "https://arxiv.org/pdf/2306.05534"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-text"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221020-0004"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary code execution in Apache Commons Text"
}
GSD-2022-42889
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-42889",
"description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",
"id": "GSD-2022-42889",
"references": [
"https://access.redhat.com/errata/RHSA-2022:8652",
"https://access.redhat.com/errata/RHSA-2022:8876",
"https://access.redhat.com/errata/RHSA-2022:8902",
"https://access.redhat.com/errata/RHSA-2022:9023",
"https://www.suse.com/security/cve/CVE-2022-42889.html",
"https://access.redhat.com/errata/RHSA-2023:0261",
"https://access.redhat.com/errata/RHSA-2023:0469",
"https://access.redhat.com/errata/RHSA-2023:1006"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-42889"
],
"details": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",
"id": "GSD-2022-42889",
"modified": "2023-12-13T01:19:10.913162Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-42889",
"STATE": "PUBLIC",
"TITLE": "Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Commons Text",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Apache Commons Text",
"version_value": "1.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unexpected variable interpolation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"name": "[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20221020-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20221020-0004/"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"name": "GLSA-202301-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"name": "20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"name": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"name": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "Upgrade to Apache Commons Text 1.10.0."
}
]
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.2.2.1-jre17]",
"affected_versions": "All versions up to 1.2.2.1-jre17",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937",
"CWE-94"
],
"date": "2023-06-12",
"description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",
"fixed_versions": [],
"identifier": "CVE-2022-42889",
"identifiers": [
"GHSA-599f-7c49-w659",
"CVE-2022-42889"
],
"not_impacted": "",
"package_slug": "maven/com.guicedee.services/commons-text",
"pubdate": "2022-10-13",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"http://www.openwall.com/lists/oss-security/2022/10/13/4",
"https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text",
"http://www.openwall.com/lists/oss-security/2022/10/18/1",
"https://security.netapp.com/advisory/ntap-20221020-0004/",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022",
"https://security.gentoo.org/glsa/202301-05",
"http://seclists.org/fulldisclosure/2023/Feb/3",
"http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html",
"https://arxiv.org/pdf/2306.05534",
"https://github.com/advisories/GHSA-599f-7c49-w659"
],
"uuid": "7168e25d-954e-4aad-9a09-829253f2c3df"
},
{
"affected_range": "[1.5,1.10.0)",
"affected_versions": "All versions starting from 1.5 before 1.10.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2022-11-29",
"description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",
"fixed_versions": [
"1.10.0"
],
"identifier": "CVE-2022-42889",
"identifiers": [
"CVE-2022-42889",
"GHSA-599f-7c49-w659"
],
"not_impacted": "",
"package_slug": "maven/org.apache.commons/commons-text",
"pubdate": "2022-10-13",
"solution": "Upgrade to version 1.10.0 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"http://www.openwall.com/lists/oss-security/2022/10/13/4",
"https://github.com/advisories/GHSA-599f-7c49-w659"
],
"uuid": "d9bd344f-2ac1-4d98-883d-9b9a4df54c4b"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:commons_text:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F52B385F-442F-4587-B680-DD74CC525D27",
"versionEndExcluding": "1.10.0",
"versionStartIncluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334BA50E-637D-42E7-AD73-BC13498D79D0",
"versionEndExcluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F5745211-E47A-481B-928F-B56013DAC19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1:*:*:*:*:*:*",
"matchCriteriaId": "1B716977-E015-4628-854B-5828FC3DC150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2:*:*:*:*:*:*",
"matchCriteriaId": "22F53DC6-084C-4C06-9A5C-550511E5CC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3:*:*:*:*:*:*",
"matchCriteriaId": "41FFF517-DCAC-4CF1-A6D7-29828B037245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:jsa1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F62545-4393-4FD6-9EF4-3516E8835F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF05B6A-B4F6-4F7A-927E-106A8C1E8ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "421FD233-CA15-4207-8690-6A1C4C23BDB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08C686CC-C971-4891-B8F9-9BE4C09B1160",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9075ED11-DD7E-49E2-90F5-50ACFCD2F4A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A506DE-88CE-45C9-A41A-9B5B4E62F36C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jsa7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFBD1EF-96B1-475E-896A-4000463FEA0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default."
},
{
"lang": "es",
"value": "Apache Commons Text lleva a cabo una interpolaci\u00f3n de variables, permitiendo que las propiedades sean evaluadas y expandidas din\u00e1micamente. El formato est\u00e1ndar para la interpolaci\u00f3n es \"${prefix:name}\", donde \"prefix\" es usado para localizar una instancia de org.apache.commons.text.lookup.StringLookup que lleva a cabo la interpolaci\u00f3n. A partir de la versi\u00f3n 1.5 y hasta 1.9, el conjunto de instancias de Lookup por defecto inclu\u00eda interpoladores que pod\u00edan dar lugar a una ejecuci\u00f3n de c\u00f3digo arbitrario o al contacto con servidores remotos. Estos lookups son: - \"script\" - ejecuta expresiones usando el motor de ejecuci\u00f3n de scripts de la JVM (javax.script) - \"dns\" - resuelve registros dns - \"url\" - carga valores de urls, incluso de servidores remotos Las aplicaciones usando los interpoladores por defecto en las versiones afectadas pueden ser vulnerables a una ejecuci\u00f3n de c\u00f3digo remota o al contacto involuntario con servidores remotos si son usados valores de configuraci\u00f3n que no son confiables. Es recomendado a usuarios actualizar a Apache Commons Text versi\u00f3n 1.10.0, que deshabilita los interpoladores problem\u00e1ticos por defecto"
}
],
"id": "CVE-2022-42889",
"lastModified": "2024-01-19T16:15:08.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-13T13:15:10.113",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html"
},
{
"source": "security@apache.org",
"url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Feb/3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/4"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202301-05"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221020-0004/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:12409-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
apache-commons-text-1.10.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: apache-commons-text-1.10.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the apache-commons-text-1.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12409
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache-commons-text-1.10.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache-commons-text-1.10.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12409",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12409-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42889/"
}
],
"title": "apache-commons-text-1.10.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12409-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-text-1.10.0-1.1.aarch64",
"product": {
"name": "apache-commons-text-1.10.0-1.1.aarch64",
"product_id": "apache-commons-text-1.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache-commons-text-javadoc-1.10.0-1.1.aarch64",
"product": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.aarch64",
"product_id": "apache-commons-text-javadoc-1.10.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-text-1.10.0-1.1.ppc64le",
"product": {
"name": "apache-commons-text-1.10.0-1.1.ppc64le",
"product_id": "apache-commons-text-1.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache-commons-text-javadoc-1.10.0-1.1.ppc64le",
"product": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.ppc64le",
"product_id": "apache-commons-text-javadoc-1.10.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-text-1.10.0-1.1.s390x",
"product": {
"name": "apache-commons-text-1.10.0-1.1.s390x",
"product_id": "apache-commons-text-1.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "apache-commons-text-javadoc-1.10.0-1.1.s390x",
"product": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.s390x",
"product_id": "apache-commons-text-javadoc-1.10.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-text-1.10.0-1.1.x86_64",
"product": {
"name": "apache-commons-text-1.10.0-1.1.x86_64",
"product_id": "apache-commons-text-1.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache-commons-text-javadoc-1.10.0-1.1.x86_64",
"product": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.x86_64",
"product_id": "apache-commons-text-javadoc-1.10.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-1.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.aarch64"
},
"product_reference": "apache-commons-text-1.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-1.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.ppc64le"
},
"product_reference": "apache-commons-text-1.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-1.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.s390x"
},
"product_reference": "apache-commons-text-1.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-1.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.x86_64"
},
"product_reference": "apache-commons-text-1.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.aarch64"
},
"product_reference": "apache-commons-text-javadoc-1.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.ppc64le"
},
"product_reference": "apache-commons-text-javadoc-1.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.s390x"
},
"product_reference": "apache-commons-text-javadoc-1.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-text-javadoc-1.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.x86_64"
},
"product_reference": "apache-commons-text-javadoc-1.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42889"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42889",
"url": "https://www.suse.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "SUSE Bug 1204284 for CVE-2022-42889",
"url": "https://bugzilla.suse.com/1204284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-text-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-text-javadoc-1.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-42889"
}
]
}
OXAS-ADV-2022-0002
Vulnerability from csaf_ox - Published: 2022-11-02 00:00 - Updated: 2024-01-22 00:00Summary
OX App Suite Security Advisory OXAS-ADV-2022-0002
Severity
Critical
Non-alphanumeric content can be injected by the user as JS content for the "upsell" module. As a result, the code will be executed during subsequent logins and opening the "Portal" application, enabling a persistent cross-site scripting attack vector.
4.3 (Medium)
Affected products
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite frontend 7.10.5-rev50
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*
|
7.10.5-rev50 |
Vendor Fix
|
|
OX App Suite frontend 7.10.6-rev19
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev19:*:*:*:*:*:*
|
7.10.6-rev19 |
Vendor Fix
|
|
OX App Suite frontend 8.4
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*
|
8.4 |
Vendor Fix
|
First fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite frontend 7.10.5-rev51
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*
|
7.10.5-rev51 | |
|
OX App Suite frontend 7.10.6-rev20
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev20:*:*:*:*:*:*
|
7.10.6-rev20 | |
|
OX App Suite frontend 8.5
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*
|
8.5 |
Threats
Impact
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account.
Exploit Status
No publicly available exploits are known.
HTML content can be injected by the user as JS content for the "upsell ads" module. As a result, the code will be executed during subsequent logins and opening the "Portal" application, enabling a persistent cross-site scripting attack vector.
4.3 (Medium)
Affected products
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite frontend 7.10.5-rev50
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*
|
7.10.5-rev50 |
Vendor Fix
|
|
OX App Suite frontend 7.10.6-rev19
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev19:*:*:*:*:*:*
|
7.10.6-rev19 |
Vendor Fix
|
|
OX App Suite frontend 7.6.3-rev50
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.6.3:rev50:*:*:*:*:*:*
|
7.6.3-rev50 |
Vendor Fix
|
First fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite frontend 7.10.5-rev51
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*
|
7.10.5-rev51 | |
|
OX App Suite frontend 7.10.6-rev20
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev20:*:*:*:*:*:*
|
7.10.6-rev20 | |
|
OX App Suite frontend 7.6.3-rev51
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.6.3:rev51:*:*:*:*:*:*
|
7.6.3-rev51 |
Threats
Impact
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account.
Exploit Status
No publicly available exploits are known.
In case activity tracking adapters are enabled but not defined, users can use jslob to define own tracking settings for an account. This allows adding arbitrary values to trigger a specific URL or load a library.
4.3 (Medium)
Affected products
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev50
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*
|
7.10.5-rev50 |
Vendor Fix
|
|
OX App Suite backend 7.10.6-rev29
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev29:*:*:*:*:*:*
|
7.10.6-rev29 |
Vendor Fix
|
|
OX App Suite backend 8.4
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*
|
8.4 |
Vendor Fix
|
First fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev51
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*
|
7.10.5-rev51 | |
|
OX App Suite backend 7.10.6-rev30
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev30:*:*:*:*:*:*
|
7.10.6-rev30 | |
|
OX App Suite backend 8.5
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*
|
8.5 |
Threats
Impact
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account.
Exploit Status
No publicly available exploits are known.
When changing a valid external POP3 mail account as a user, the operation to update the accounts settings did not consider deny-list values.
5.0 (Medium)
Affected products
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev50
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*
|
7.10.5-rev50 |
Vendor Fix
|
|
OX App Suite backend 7.10.6-rev29
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev29:*:*:*:*:*:*
|
7.10.6-rev29 |
Vendor Fix
|
|
OX App Suite backend 8.4
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*
|
8.4 |
Vendor Fix
|
First fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev51
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*
|
7.10.5-rev51 | |
|
OX App Suite backend 7.10.6-rev30
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev30:*:*:*:*:*:*
|
7.10.6-rev30 | |
|
OX App Suite backend 8.5
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*
|
8.5 |
Threats
Impact
Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine "internal" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies.
Exploit Status
No publicly available exploits are known.
The external E-Mail autodiscovery feature performs connections checks based on the E-Mail addresses host-part. Those do not take existing deny-lists into respect, allowing attackers with access to DNS records of a domain to redirect requests to illegal addresses.
5.0 (Medium)
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev50
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*
|
7.10.5-rev50 |
Vendor Fix
|
|
OX App Suite backend 7.10.6-rev29
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev29:*:*:*:*:*:*
|
7.10.6-rev29 |
Vendor Fix
|
|
OX App Suite backend 7.6.3-rev65
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.6.3:rev65:*:*:*:*:*:*
|
7.6.3-rev65 |
Vendor Fix
|
|
OX App Suite backend 8.5
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*
|
8.5 |
Vendor Fix
|
First fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev51
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*
|
7.10.5-rev51 | |
|
OX App Suite backend 7.10.6-rev30
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev30:*:*:*:*:*:*
|
7.10.6-rev30 | |
|
OX App Suite backend 7.6.3-rev66
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.6.3:rev66:*:*:*:*:*:*
|
7.6.3-rev66 | |
|
OX App Suite backend 8.6
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.6:*:*:*:*:*:*:*
|
8.6 |
Threats
Impact
Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine "internal" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies.
Exploit Status
No publicly available exploits are known.
A critical vulnerability at the Apache Commons Text library has been identified, which is used by OX App Suite and OX Documents. However, our products do not directly use the vulnerable StringSubstitutor class. Based on current knowledge that means our products are not vulnerable.
9.8 (Critical)
Affected products
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev50
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*
|
7.10.5-rev50 |
Vendor Fix
|
|
OX App Suite backend 7.10.6-rev29
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev29:*:*:*:*:*:*
|
7.10.6-rev29 |
Vendor Fix
|
|
OX App Suite backend 8.6
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.6:*:*:*:*:*:*:*
|
8.6 |
Vendor Fix
|
First fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite backend 7.10.5-rev51
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*
|
7.10.5-rev51 | |
|
OX App Suite backend 7.10.6-rev30
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev30:*:*:*:*:*:*
|
7.10.6-rev30 | |
|
OX App Suite backend 8.7
Open-Xchange GmbH / OX App Suite backend
|
cpe:2.3:a:open-xchange:app_suite:8.7:*:*:*:*:*:*:*
|
8.7 |
Threats
Impact
Remote Code Execution, see CVE-2022-42889.
Exploit Status
No publicly available exploits are known.
References
6 references
| URL | Category |
|---|---|
| https://software.open-xchange.com/products/appsui… | external |
| https://software.open-xchange.com/products/appsui… | external |
| https://documentation.open-xchange.com/appsuite/s… | self |
| https://documentation.open-xchange.com/appsuite/s… | self |
| https://documentation.open-xchange.com/appsuite/s… | self |
| https://documentation.open-xchange.com/appsuite/s… | self |
{
"document": {
"aggregate_severity": {
"text": "CRITICAL"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"lang": "en-US",
"publisher": {
"category": "vendor",
"name": "Open-Xchange GmbH",
"namespace": "https://open-xchange.com/"
},
"references": [
{
"category": "external",
"summary": "Release Notes",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6188_7.10.5_2022-11-02.pdf"
},
{
"category": "external",
"summary": "Release Notes",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6189_7.10.6_2022-11-02.pdf"
},
{
"category": "self",
"summary": "Canonical CSAF document",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2022/oxas-adv-2022-0002.json"
},
{
"category": "self",
"summary": "Markdown representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/md/2022/oxas-adv-2022-0002.md"
},
{
"category": "self",
"summary": "HTML representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/html/2022/oxas-adv-2022-0002.html"
},
{
"category": "self",
"summary": "Plain-text representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2022/oxas-adv-2022-0002.txt"
}
],
"title": "OX App Suite Security Advisory OXAS-ADV-2022-0002",
"tracking": {
"current_release_date": "2024-01-22T00:00:00+00:00",
"generator": {
"date": "2024-01-22T13:14:08+00:00",
"engine": {
"name": "OX CSAF",
"version": "1.0.0"
}
},
"id": "OXAS-ADV-2022-0002",
"initial_release_date": "2022-11-02T00:00:00+01:00",
"revision_history": [
{
"date": "2022-11-02T00:00:00+01:00",
"number": "1",
"summary": "Initial release"
},
{
"date": "2024-01-22T00:00:00+00:00",
"number": "2",
"summary": "Public release"
},
{
"date": "2024-01-22T00:00:00+00:00",
"number": "3",
"summary": "Public release"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.10.5-rev50",
"product": {
"name": "OX App Suite frontend 7.10.5-rev50",
"product_id": "OXAS-FRONTEND_7.10.5-rev50",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev19",
"product": {
"name": "OX App Suite frontend 7.10.6-rev19",
"product_id": "OXAS-FRONTEND_7.10.6-rev19",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev19:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "8.4",
"product": {
"name": "OX App Suite frontend 8.4",
"product_id": "OXAS-FRONTEND_8.4",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.5-rev51",
"product": {
"name": "OX App Suite frontend 7.10.5-rev51",
"product_id": "OXAS-FRONTEND_7.10.5-rev51",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6188"
},
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6189"
}
]
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev20",
"product": {
"name": "OX App Suite frontend 7.10.6-rev20",
"product_id": "OXAS-FRONTEND_7.10.6-rev20",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev20:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6188"
},
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6189"
}
]
}
}
},
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "OX App Suite frontend 8.5",
"product_id": "OXAS-FRONTEND_8.5",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.6.3-rev50",
"product": {
"name": "OX App Suite frontend 7.6.3-rev50",
"product_id": "OXAS-FRONTEND_7.6.3-rev50",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev50:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.6.3-rev51",
"product": {
"name": "OX App Suite frontend 7.6.3-rev51",
"product_id": "OXAS-FRONTEND_7.6.3-rev51",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev51:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6188"
},
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6189"
}
]
}
}
}
],
"category": "product_name",
"name": "OX App Suite frontend"
},
{
"branches": [
{
"category": "product_version",
"name": "7.10.5-rev50",
"product": {
"name": "OX App Suite backend 7.10.5-rev50",
"product_id": "OXAS-BACKEND_7.10.5-rev50",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev29",
"product": {
"name": "OX App Suite backend 7.10.6-rev29",
"product_id": "OXAS-BACKEND_7.10.6-rev29",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev29:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "8.4",
"product": {
"name": "OX App Suite backend 8.4",
"product_id": "OXAS-BACKEND_8.4",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.5-rev51",
"product": {
"name": "OX App Suite backend 7.10.5-rev51",
"product_id": "OXAS-BACKEND_7.10.5-rev51",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6188"
},
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6189"
}
]
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev30",
"product": {
"name": "OX App Suite backend 7.10.6-rev30",
"product_id": "OXAS-BACKEND_7.10.6-rev30",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev30:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6188"
},
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6189"
}
]
}
}
},
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "OX App Suite backend 8.5",
"product_id": "OXAS-BACKEND_8.5",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.6.3-rev65",
"product": {
"name": "OX App Suite backend 7.6.3-rev65",
"product_id": "OXAS-BACKEND_7.6.3-rev65",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev65:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.6.3-rev66",
"product": {
"name": "OX App Suite backend 7.6.3-rev66",
"product_id": "OXAS-BACKEND_7.6.3-rev66",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev66:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6188"
},
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6189"
}
]
}
}
},
{
"category": "product_version",
"name": "8.6",
"product": {
"name": "OX App Suite backend 8.6",
"product_id": "OXAS-BACKEND_8.6",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "8.7",
"product": {
"name": "OX App Suite backend 8.7",
"product_id": "OXAS-BACKEND_8.7",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:8.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "OX App Suite backend"
}
],
"category": "vendor",
"name": "Open-Xchange GmbH"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-37306",
"cwe": {
"id": "CWE-80",
"name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
},
"discovery_date": "2022-07-29T10:34:17+02:00",
"ids": [
{
"system_name": "OX Bug",
"text": "OXUIB-1795"
}
],
"notes": [
{
"category": "description",
"text": "Non-alphanumeric content can be injected by the user as JS content for the \"upsell\" module. As a result, the code will be executed during subsequent logins and opening the \"Portal\" application, enabling a persistent cross-site scripting attack vector."
}
],
"product_status": {
"first_fixed": [
"OXAS-FRONTEND_7.10.5-rev51",
"OXAS-FRONTEND_7.10.6-rev20",
"OXAS-FRONTEND_8.5"
],
"last_affected": [
"OXAS-FRONTEND_7.10.5-rev50",
"OXAS-FRONTEND_7.10.6-rev19",
"OXAS-FRONTEND_8.4"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-21T16:16:36+02:00",
"details": "Please deploy the provided updates and patch releases. We improved the allow-list sanitizing algorithm to deal with non-alphanumeric code.",
"product_ids": [
"OXAS-FRONTEND_7.10.5-rev50",
"OXAS-FRONTEND_7.10.6-rev19",
"OXAS-FRONTEND_8.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OXAS-FRONTEND_7.10.5-rev50",
"OXAS-FRONTEND_7.10.6-rev19",
"OXAS-FRONTEND_8.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "XSS using \"upsell\" triggers"
},
{
"cve": "CVE-2022-43696",
"cwe": {
"id": "CWE-80",
"name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
},
"discovery_date": "2022-09-26T10:30:45+02:00",
"ids": [
{
"system_name": "OX Bug",
"text": "OXUIB-1933"
}
],
"notes": [
{
"category": "description",
"text": "HTML content can be injected by the user as JS content for the \"upsell ads\" module. As a result, the code will be executed during subsequent logins and opening the \"Portal\" application, enabling a persistent cross-site scripting attack vector."
}
],
"product_status": {
"first_fixed": [
"OXAS-FRONTEND_7.10.5-rev51",
"OXAS-FRONTEND_7.10.6-rev20",
"OXAS-FRONTEND_7.6.3-rev51"
],
"last_affected": [
"OXAS-FRONTEND_7.10.5-rev50",
"OXAS-FRONTEND_7.10.6-rev19",
"OXAS-FRONTEND_7.6.3-rev50"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-21T16:07:30+02:00",
"details": "Please deploy the provided updates and patch releases. We improved the sanitization process for upsell ads.",
"product_ids": [
"OXAS-FRONTEND_7.10.5-rev50",
"OXAS-FRONTEND_7.10.6-rev19",
"OXAS-FRONTEND_7.6.3-rev50"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OXAS-FRONTEND_7.10.5-rev50",
"OXAS-FRONTEND_7.10.6-rev19",
"OXAS-FRONTEND_7.6.3-rev50"
]
}
],
"threats": [
{
"category": "impact",
"details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "XSS using \"upsell ads\""
},
{
"cve": "CVE-2022-43697",
"cwe": {
"id": "CWE-80",
"name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
},
"discovery_date": "2022-08-16T09:40:05+02:00",
"ids": [
{
"system_name": "OX Bug",
"text": "MWB-1784"
}
],
"notes": [
{
"category": "description",
"text": "In case activity tracking adapters are enabled but not defined, users can use jslob to define own tracking settings for an account. This allows adding arbitrary values to trigger a specific URL or load a library."
}
],
"product_status": {
"first_fixed": [
"OXAS-BACKEND_7.10.5-rev51",
"OXAS-BACKEND_7.10.6-rev30",
"OXAS-BACKEND_8.5"
],
"last_affected": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.4"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-25T17:06:19+02:00",
"details": "Please deploy the provided updates and patch releases. We made the related jslob configuration endpoint read-only for users.",
"product_ids": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "\"Tracking\" features can be used to inject arbitrary script code"
},
{
"cve": "CVE-2022-43698",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-09-14T13:16:50+02:00",
"ids": [
{
"system_name": "OX Bug",
"text": "MWB-1823"
}
],
"notes": [
{
"category": "description",
"text": "When changing a valid external POP3 mail account as a user, the operation to update the accounts settings did not consider deny-list values."
}
],
"product_status": {
"first_fixed": [
"OXAS-BACKEND_7.10.5-rev51",
"OXAS-BACKEND_7.10.6-rev30",
"OXAS-BACKEND_8.5"
],
"last_affected": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.4"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-24T16:10:01+02:00",
"details": "Please deploy the provided updates and patch releases. We now check compliance with existing deny-list content when updating POP3 mail accounts.",
"product_ids": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine \"internal\" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "SSRF using POP3 account updates"
},
{
"cve": "CVE-2022-43699",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-10-06T13:09:35+02:00",
"ids": [
{
"system_name": "OX Bug",
"text": "MWB-1862"
}
],
"notes": [
{
"category": "description",
"text": "The external E-Mail autodiscovery feature performs connections checks based on the E-Mail addresses host-part. Those do not take existing deny-lists into respect, allowing attackers with access to DNS records of a domain to redirect requests to illegal addresses."
}
],
"product_status": {
"first_fixed": [
"OXAS-BACKEND_7.10.5-rev51",
"OXAS-BACKEND_7.10.6-rev30",
"OXAS-BACKEND_7.6.3-rev66",
"OXAS-BACKEND_8.6"
],
"last_affected": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_7.6.3-rev65",
"OXAS-BACKEND_8.5"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-07T16:24:39+01:00",
"details": "Please deploy the provided updates and patch releases. We check for compliance with existing deny-list content when performing mail account autodiscovery.",
"product_ids": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_7.6.3-rev65",
"OXAS-BACKEND_8.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_7.6.3-rev65",
"OXAS-BACKEND_8.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine \"internal\" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Mail account discovery can be abused for SSRF"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-19T13:46:58+02:00",
"ids": [
{
"system_name": "OX Bug",
"text": "MWB-1882"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability at the Apache Commons Text library has been identified, which is used by OX App Suite and OX Documents. However, our products do not directly use the vulnerable StringSubstitutor class. Based on current knowledge that means our products are not vulnerable."
}
],
"product_status": {
"first_fixed": [
"OXAS-BACKEND_7.10.5-rev51",
"OXAS-BACKEND_7.10.6-rev30",
"OXAS-BACKEND_8.7"
],
"last_affected": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.6"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-21T10:32:30+02:00",
"details": "Please deploy the provided updates and patch releases. We provided a update for this library to resolve the risk as a precaution, in case custom implementations use the vulnerable class.",
"product_ids": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OXAS-BACKEND_7.10.5-rev50",
"OXAS-BACKEND_7.10.6-rev29",
"OXAS-BACKEND_8.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Remote Code Execution, see CVE-2022-42889."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Apache Commons Text (CVE-2022-42889)"
}
]
}
RHSA-2022:8652
Vulnerability from csaf_redhat - Published: 2022-11-28 14:39 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update
Severity
Important
Notes
Topic: A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)
* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)
* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [fuse-7] (CVE-2021-3717)
* json-smart: Denial of Service in JSONParserByteArray function [fuse-7] (CVE-2021-31684)
* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7] (CVE-2021-44906)
* urijs: Authorization Bypass Through User-Controlled Key [fuse-7] (CVE-2022-0613)
* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections [fuse-7] (CVE-2022-25857)
* urijs: Leading white space bypasses protocol validation [fuse-7] (CVE-2022-24723)
* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)
* netty: world readable temporary file containing sensitive data [fuse-7] (CVE-2022-24823)
* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [fuse-7] (CVE-2022-31197)
* commons-configuration2: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)
* commons-text: apache-commons-text: variable interpolation RCE [fuse-7] (CVE-2022-42889)
* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)
* moment: inefficient parsing algorithm resulting in DoS [fuse-7] (CVE-2022-31129)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7] (CVE-2022-38749)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow() implementation from PGSQL.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the server.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
99 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:8652 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1686454 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1991305 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2055496 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2062370 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2066009 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2072009 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087186 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2095862 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2102695 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2105067 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2105075 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2116952 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2126789 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129428 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129706 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135435 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2136141 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2019-8331 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1686454 | external |
| https://www.cve.org/CVERecord?id=CVE-2019-8331 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2019-8331 | external |
| https://access.redhat.com/security/cve/CVE-2021-3717 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1991305 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-3717 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-3717 | external |
| https://access.redhat.com/security/cve/CVE-2021-31684 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2102695 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-31684 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-31684 | external |
| https://access.redhat.com/security/cve/CVE-2021-44906 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2066009 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-44906 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-44906 | external |
| https://github.com/advisories/GHSA-xvch-5gv4-984h | external |
| https://access.redhat.com/security/cve/CVE-2022-0613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2055496 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-0613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-0613 | external |
| https://access.redhat.com/security/cve/CVE-2022-2048 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2116952 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-2048 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-2048 | external |
| https://github.com/eclipse/jetty.project/security… | external |
| https://access.redhat.com/security/cve/CVE-2022-2053 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2095862 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-2053 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-2053 | external |
| https://access.redhat.com/security/cve/CVE-2022-24723 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2062370 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-24723 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-24723 | external |
| https://access.redhat.com/security/cve/CVE-2022-24785 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2072009 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-24785 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-24785 | external |
| https://github.com/moment/moment/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2022-24823 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087186 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-24823 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-24823 | external |
| https://access.redhat.com/security/cve/CVE-2022-25857 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2126789 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-25857 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-25857 | external |
| https://bitbucket.org/snakeyaml/snakeyaml/issues/525 | external |
| https://access.redhat.com/security/cve/CVE-2022-31129 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2105075 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-31129 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-31129 | external |
| https://github.com/moment/moment/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2022-31197 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129428 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-31197 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-31197 | external |
| https://github.com/pgjdbc/pgjdbc/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2022-33980 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2105067 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-33980 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-33980 | external |
| https://access.redhat.com/security/cve/CVE-2022-38749 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129706 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-38749 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-38749 | external |
| https://access.redhat.com/security/cve/CVE-2022-41853 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2136141 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-41853 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-41853 | external |
| http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt… | external |
| https://github.com/advisories/GHSA-77xx-rxvh-q682 | external |
| https://access.redhat.com/security/cve/CVE-2022-42889 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135435 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42889 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42889 | external |
| https://blogs.apache.org/security/entry/cve-2022-42889 | external |
| https://lists.apache.org/thread/n2bd4vdsgkqh2tm14… | external |
| https://seclists.org/oss-sec/2022/q4/22 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)\n\n* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [fuse-7] (CVE-2021-3717)\n\n* json-smart: Denial of Service in JSONParserByteArray function [fuse-7] (CVE-2021-31684)\n\n* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7] (CVE-2021-44906)\n\n* urijs: Authorization Bypass Through User-Controlled Key [fuse-7] (CVE-2022-0613)\n\n* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections [fuse-7] (CVE-2022-25857)\n\n* urijs: Leading white space bypasses protocol validation [fuse-7] (CVE-2022-24723)\n\n* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)\n\n* netty: world readable temporary file containing sensitive data [fuse-7] (CVE-2022-24823)\n\n* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [fuse-7] (CVE-2022-31197)\n\n* commons-configuration2: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)\n\n* commons-text: apache-commons-text: variable interpolation RCE [fuse-7] (CVE-2022-42889)\n\n* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)\n\n* moment: inefficient parsing algorithm resulting in DoS [fuse-7] (CVE-2022-31129)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7] (CVE-2022-38749)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8652",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "2055496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055496"
},
{
"category": "external",
"summary": "2062370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062370"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2102695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102695"
},
{
"category": "external",
"summary": "2105067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105067"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129428"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8652.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:32:56+00:00",
"generator": {
"date": "2026-05-14T22:32:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:8652",
"initial_release_date": "2022-11-28T14:39:27+00:00",
"revision_history": [
{
"date": "2022-11-28T14:39:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-28T14:39:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.11.1",
"product": {
"name": "Red Hat Fuse 7.11.1",
"product_id": "Red Hat Fuse 7.11.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2021-3717",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-07-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3717"
},
{
"category": "external",
"summary": "RHBZ#1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
},
{
"cve": "CVE-2021-31684",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-06-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2102695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Denial of Service in JSONParserByteArray function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31684"
},
{
"category": "external",
"summary": "RHBZ#2102695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31684"
}
],
"release_date": "2021-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-smart: Denial of Service in JSONParserByteArray function"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-0613",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055496"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urijs: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0613"
},
{
"category": "external",
"summary": "RHBZ#2055496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0613"
}
],
"release_date": "2022-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urijs: Authorization Bypass Through User-Controlled Key"
},
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-24723",
"cwe": {
"id": "CWE-1173",
"name": "Improper Use of Validation Framework"
},
"discovery_date": "2022-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062370"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urijs: Leading white space bypasses protocol validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24723"
},
{
"category": "external",
"summary": "RHBZ#2062370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24723"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urijs: Leading white space bypasses protocol validation"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-24823",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087186"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: world readable temporary file containing sensitive data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24823"
},
{
"category": "external",
"summary": "RHBZ#2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
}
],
"release_date": "2022-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: world readable temporary file containing sensitive data"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
},
{
"cve": "CVE-2022-31197",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129428"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow() implementation from PGSQL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be presented soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31197"
},
{
"category": "external",
"summary": "RHBZ#2129428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2"
}
],
"release_date": "2022-08-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names"
},
{
"cve": "CVE-2022-33980",
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Configuration\u0027s variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite embeds affected commons-configuration2 with Candlepin, however, product is not affected since vulnerable org.apache.commons.configuration2.interpol.Lookup is not exposed in code. Product Security has rated this vulnerability Low for Satellite and there is no harm identified to confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-33980"
},
{
"category": "external",
"summary": "RHBZ#2105067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-33980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33980"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
}
]
}
RHSA-2022:8876
Vulnerability from csaf_redhat - Published: 2022-12-07 08:19 - Updated: 2026-05-05 10:06Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.10.2 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Broker 7.10.2 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.10.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2022-25857) snakeyaml: Denial of Service due to missing nested depth limitation for collections
* (CVE-2022-42003) jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
* (CVE-2022-42004) jackson-databind: use of deeply nested arrays
* (CVE-2022-42889) apache-commons-text: variable interpolation RCE
* (CVE-2022-38749) snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
* (CVE-2022-38750) snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
* (CVE-2022-38751) snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
44 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:8876 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2126789 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129706 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129707 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129709 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135244 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135247 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135435 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2022-25857 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2126789 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-25857 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-25857 | external |
| https://bitbucket.org/snakeyaml/snakeyaml/issues/525 | external |
| https://access.redhat.com/security/cve/CVE-2022-38749 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129706 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-38749 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-38749 | external |
| https://access.redhat.com/security/cve/CVE-2022-38750 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129707 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-38750 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-38750 | external |
| https://access.redhat.com/security/cve/CVE-2022-38751 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129709 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-38751 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-38751 | external |
| https://access.redhat.com/security/cve/CVE-2022-42003 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135244 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42003 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | external |
| https://access.redhat.com/security/cve/CVE-2022-42004 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135247 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42004 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | external |
| https://access.redhat.com/security/cve/CVE-2022-42889 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135435 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42889 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42889 | external |
| https://blogs.apache.org/security/entry/cve-2022-42889 | external |
| https://lists.apache.org/thread/n2bd4vdsgkqh2tm14… | external |
| https://seclists.org/oss-sec/2022/q4/22 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.10.2 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.10.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2022-25857) snakeyaml: Denial of Service due to missing nested depth limitation for collections\n* (CVE-2022-42003) jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n* (CVE-2022-42004) jackson-databind: use of deeply nested arrays\n* (CVE-2022-42889) apache-commons-text: variable interpolation RCE\n* (CVE-2022-38749) snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode\n* (CVE-2022-38750) snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n* (CVE-2022-38751) snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8876",
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.10.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.10.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8876.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.10.2 release and security update",
"tracking": {
"current_release_date": "2026-05-05T10:06:06+00:00",
"generator": {
"date": "2026-05-05T10:06:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2022:8876",
"initial_release_date": "2022-12-07T08:19:44+00:00",
"revision_history": [
{
"date": "2022-12-07T08:19:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-07T08:19:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-05T10:06:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7",
"product": {
"name": "Red Hat AMQ Broker 7",
"product_id": "Red Hat AMQ Broker 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T08:19:44+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
}
]
}
RHSA-2022:8902
Vulnerability from csaf_redhat - Published: 2022-12-08 13:25 - Updated: 2026-05-05 10:06Summary
Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update
Severity
Moderate
Notes
Topic: A minor version update (from 3.14.5 to 3.18.3) is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Camel for Spring Boot 3.18.3 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* commons-text: apache-commons-text: variable interpolation (CVE-2022-42889)
* org.eclipse.milo-sdk-server: sdk-server: Denial of Service (CVE-2022-25897)
* reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Eclipse Milo SDK Server. This flaw allows an attacker to consume the application memory, leading to a denial of service by sending specific requests.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
22 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:8902 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135435 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2136188 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2141353 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2022-25897 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2136188 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-25897 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-25897 | external |
| https://access.redhat.com/security/cve/CVE-2022-31684 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2141353 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-31684 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-31684 | external |
| https://access.redhat.com/security/cve/CVE-2022-42889 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135435 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42889 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42889 | external |
| https://blogs.apache.org/security/entry/cve-2022-42889 | external |
| https://lists.apache.org/thread/n2bd4vdsgkqh2tm14… | external |
| https://seclists.org/oss-sec/2022/q4/22 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 3.14.5 to 3.18.3) is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Camel for Spring Boot 3.18.3 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* commons-text: apache-commons-text: variable interpolation (CVE-2022-42889)\n\n* org.eclipse.milo-sdk-server: sdk-server: Denial of Service (CVE-2022-25897)\n\n* reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8902",
"url": "https://access.redhat.com/errata/RHSA-2022:8902"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q4"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2136188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136188"
},
{
"category": "external",
"summary": "2141353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141353"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8902.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update",
"tracking": {
"current_release_date": "2026-05-05T10:06:06+00:00",
"generator": {
"date": "2026-05-05T10:06:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2022:8902",
"initial_release_date": "2022-12-08T13:25:41+00:00",
"revision_history": [
{
"date": "2022-12-08T13:25:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-08T13:25:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-05T10:06:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Springboot 3.18.3",
"product": {
"name": "RHINT Camel-Springboot 3.18.3",
"product_id": "RHINT Camel-Springboot 3.18.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_spring_boot:3.18.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25897",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136188"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Milo SDK Server. This flaw allows an attacker to consume the application memory, leading to a denial of service by sending specific requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sdk-server: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25897"
},
{
"category": "external",
"summary": "RHBZ#2136188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25897"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25897",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25897"
}
],
"release_date": "2022-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T13:25:41+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nInstallation instructions are available from the Camel for Spring Boot 3.18.3 product documentation page.\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/getting_started_with_camel_spring_boot/index\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/camel_spring_boot_reference/index",
"product_ids": [
"RHINT Camel-Springboot 3.18.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8902"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "sdk-server: Denial of Service"
},
{
"cve": "CVE-2022-31684",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2022-11-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2141353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "reactor-netty-http: Log request headers in some cases of invalid HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31684"
},
{
"category": "external",
"summary": "RHBZ#2141353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31684"
}
],
"release_date": "2022-10-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T13:25:41+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nInstallation instructions are available from the Camel for Spring Boot 3.18.3 product documentation page.\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/getting_started_with_camel_spring_boot/index\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/camel_spring_boot_reference/index",
"product_ids": [
"RHINT Camel-Springboot 3.18.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8902"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "reactor-netty-http: Log request headers in some cases of invalid HTTP requests"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T13:25:41+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nInstallation instructions are available from the Camel for Spring Boot 3.18.3 product documentation page.\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/getting_started_with_camel_spring_boot/index\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/camel_spring_boot_reference/index",
"product_ids": [
"RHINT Camel-Springboot 3.18.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8902"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"RHINT Camel-Springboot 3.18.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…