Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:3207
HistoryAug 18, 2021 - 9:50 a.m.

(RHSA-2021:3207) Moderate: Red Hat Integration Camel Quarkus Tech-Preview 2 security update

2021-08-1809:50:40
access.redhat.com
35

0.822 High

EPSS

Percentile

98.4%

JSON

This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)

  • californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)

  • undertow: special character in query results in server errors (CVE-2020-27782)

  • activemq: improper authentication allows MITM attack (CVE-2020-13920)

  • flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)

  • groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)

  • kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)

  • kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 16
cvelist 8
redhatcve 8
osv 17
veracode 8
prion 8
cve 8
nvd 8
nuclei 1
ibm 18
nessus 12
freebsd 1
github 7
openvas 3
debian 2
debiancve 4
ubuntucve 4
githubexploit 3
suse 1
archlinux 1
checkpoint_advisories 1
jetbrains 1
oracle 13
redhat
redhat
(RHSA-2021:3205) Moderate: Red Hat Integration Camel-K 1.4 release and security update
2021-08-18 09:09:40
(RHSA-2021:1004) Moderate: Red Hat build of Quarkus 1.11.6 release and security update
2021-03-29 11:07:57
(RHSA-2021:1006) Moderate: OpenShift Container Platform 4.7.5 security and bug fix update
2021-04-05 12:52:40
cvelist
cvelist
CVE-2020-26238 Critical vulnerability found in cron-utils
2020-11-24 23:50:12
CVE-2020-17521
2020-12-07 19:22:37
CVE-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API
2021-01-05 11:40:13
redhatcve
redhatcve
CVE-2020-27222
2021-03-01 13:33:27
CVE-2020-26238
2020-11-25 18:22:07
CVE-2020-13920
2020-09-17 17:30:08
osv
osv
CVE-2020-27222
2021-02-03 16:15:13
CVE-2020-17518
2021-01-05 12:15:12
CVE-2020-26238
2020-11-25 00:15:10
veracode
veracode
Denial Of Service (DoS)
2021-02-04 06:07:28
Template Injection
2020-12-04 00:52:43
Man-in-the-Middle (MitM)
2020-09-11 05:01:42
prion
prion
Code injection
2021-02-03 16:15:00
Design/Logic Flaw
2020-11-25 00:15:00
Design/Logic Flaw
2020-09-10 19:15:00
cve
cve
CVE-2020-17518
2021-01-05 12:15:12
CVE-2020-26238
2020-11-25 00:15:10
CVE-2020-27222
2021-02-03 16:15:13
nvd
nvd
CVE-2020-27222
2021-02-03 16:15:13
CVE-2020-17518
2021-01-05 12:15:12
CVE-2020-26238
2020-11-25 00:15:10
nuclei
nuclei
Apache Flink 1.5.1 - Local File Inclusion
2021-01-06 17:38:45
ibm
ibm
Security Bulletin: Apache ActiveMQ Vulnerability Affects IBM Control Center (CVE-2020-13920)
2021-01-15 22:23:56
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)
2021-01-08 23:05:42
Security Bulletin: CVE-2020-17521 Apache Groovy's provided extension methods to aid with creating temporary directories was using a now superseded Java JDK method call that is potentiallly not secure in some situations.
2021-09-01 20:04:01
nessus
nessus
FreeBSD : nexus2-oss -- Apache ActiveMQ JMX vulnerability (730e922f-20e7-11ec-a574-080027eedc6a)
2021-10-01 00:00:00
openSUSE Security Update : groovy (openSUSE-2020-2367)
2021-01-25 00:00:00
Debian DLA-2400-1 : activemq security update
2020-10-08 00:00:00
freebsd
freebsd
nexus2-oss -- Apache ActiveMQ JMX vulnerability
2020-12-28 00:00:00
github
github
Template injection in cron-utils
2020-11-24 23:48:38
Information Disclosure in Apache Groovy
2020-12-09 19:03:03
Upload of file to arbitrary path in Apache Flink
2022-02-09 22:29:52
openvas
openvas
Debian: Security Advisory (DLA-2400-1)
2020-10-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3917-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-3657-1)
2023-11-21 00:00:00
debian
debian
[SECURITY] [DLA 2400-1] activemq security update
2020-10-07 22:41:28
[SECURITY] [DLA 3657-1] activemq security update
2023-11-20 21:14:23
debiancve
debiancve
CVE-2020-13920
2020-09-10 19:15:13
CVE-2020-17521
2020-12-07 20:15:12
CVE-2020-27782
2021-02-23 19:15:13
ubuntucve
ubuntucve
CVE-2020-13920
2020-09-10 00:00:00
CVE-2020-17521
2020-12-07 00:00:00
CVE-2020-29582
2021-02-03 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Apache Flink
2021-01-06 13:40:06
Exploit for Path Traversal in Apache Flink
2021-01-10 15:06:40
Exploit for Path Traversal in Apache Flink
2021-01-10 01:12:45
suse
suse
Security update for groovy (moderate)
2020-12-31 00:00:00
archlinux
archlinux
[ASA-202103-14] groovy: privilege escalation
2021-03-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Flink Directory Traversal (CVE-2020-17518; CVE-2020-17519)
2021-01-17 00:00:00
jetbrains
jetbrains
JetBrains Security Bulletin Q4 2020
2021-02-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00

0.822 High

EPSS

Percentile

98.4%

JSON
Related for RHSA-2021:3207
redhat16cvelist8redhatcve8osv17veracode8prion8cve8nvd8nuclei1ibm18nessus12freebsd1github7openvas3debian2debiancve4ubuntucve4githubexploit3suse1archlinux1checkpoint_advisories1jetbrains1oracle13