Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:8761
HistoryDec 14, 2022 - 1:14 p.m.

(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update

2022-12-1413:14:18
access.redhat.com
23
red hat support
spring boot
openshift
containerized platform
security fixes
bug fixes
enhancements
cve-2020-5404
cve-2021-4178
cve-2021-22569
cve-2021-3629
cve-2022-1259
cve-2022-1319
cve-2022-22950

0.003 Low

EPSS

Percentile

71.4%

JSON

Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.

Security Fix(es):

  • reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)

  • kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

  • undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)

  • undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)

  • spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ubuntucve 5
nvd 7
debiancve 5
osv 15
cvelist 7
redhatcve 7
prion 7
cve 7
veracode 8
redhat 34
nessus 28
spring 1
ibm 40
cgr 1
wolfi 1
githubexploit 1
openvas 7
broadcom 1
github 6
atlassian 1
f5 2
ics 1
ubuntu 1
thn 1
debian 1
cert 1
suse 1
rapid7blog 1
checkpoint_security 1
ubuntucve
ubuntucve
CVE-2022-1259
2022-08-31 00:00:00
CVE-2021-22569
2022-01-10 00:00:00
CVE-2022-22950
2022-04-01 00:00:00
nvd
nvd
CVE-2022-1259
2022-08-31 16:15:09
CVE-2021-22569
2022-01-10 14:10:16
CVE-2020-5404
2020-03-03 18:15:12
debiancve
debiancve
CVE-2022-1259
2022-08-31 16:15:09
CVE-2021-22569
2022-01-10 14:10:16
CVE-2022-22950
2022-04-01 23:15:13
osv
osv
CVE-2022-1259
2022-08-31 16:15:09
Allocation of Resources Without Limits or Throttling in Spring Framework
2022-04-03 00:01:00
A potential Denial of Service issue in protobuf-java
2022-01-07 22:31:44
cvelist
cvelist
CVE-2022-1259
2022-08-31 00:00:00
CVE-2022-22950
2022-04-01 22:17:32
CVE-2021-22569 Denial of Service of protobuf-java parsing procedure
2022-01-07 00:00:00
redhatcve
redhatcve
CVE-2022-1259
2022-04-06 13:21:25
CVE-2021-22569
2022-01-12 23:32:15
CVE-2022-22950
2022-03-28 21:07:31
prion
prion
Design/Logic Flaw
2022-08-31 16:15:00
Race condition
2022-04-01 23:15:00
Code injection
2022-08-24 16:15:00
cve
cve
CVE-2022-1259
2022-08-31 16:15:09
CVE-2022-22950
2022-04-01 23:15:13
CVE-2021-22569
2022-01-10 14:10:16
veracode
veracode
Denial Of Service (DoS)
2022-10-05 22:30:11
Denial Of Service (DoS)
2022-06-01 09:52:03
Denial Of Service (DoS)
2022-01-10 05:41:50
redhat
redhat
(RHSA-2022:6823) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
2022-10-05 16:24:30
(RHSA-2022:6822) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
2022-10-05 16:24:18
(RHSA-2022:6825) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
2022-10-05 16:33:49
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.7 Security update (Important) (RHSA-2022:6822)
2022-10-10 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.7 Security update (Important) (RHSA-2022:6823)
2022-10-10 00:00:00
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14753)
2024-01-11 00:00:00
spring
spring
CVE report published for Spring Framework
2022-03-28 08:00:00
ibm
ibm
Security Bulletin: A VMWare Tanzu Spring Vulerability Affects IBM OpenPages with Watson (CVE-2022-22950)
2023-07-28 16:47:11
Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)
2022-11-07 11:28:53
Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)
2022-05-13 17:08:13
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-06-29 09:08:33
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
openvas
openvas
VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Linux
2022-04-06 00:00:00
VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Windows
2022-04-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3922-1)
2022-11-10 00:00:00
broadcom
broadcom
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
2023-08-29 00:00:00
github
github
A potential Denial of Service issue in protobuf-java
2022-01-07 22:31:44
Insufficiently Protected Credentials in Reactor Netty
2022-02-10 20:24:17
fabric8 kubernetes-client vulnerable
2022-07-15 05:17:35
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
f5
f5
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
K11510688 : Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963
2022-03-31 00:00:00
ics
ics
Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service
2022-10-13 12:00:00
ubuntu
ubuntu
Protocol Buffers vulnerabilities
2023-03-13 00:00:00
thn
thn
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
2022-03-31 05:52:00
debian
debian
[SECURITY] [DLA 3393-1] protobuf security update
2023-04-18 07:12:21
cert
cert
Spring Framework insecurely handles PropertyDescriptor objects with data binding
2022-03-31 00:00:00
suse
suse
Security update for protobuf (important)
2022-11-09 00:00:00
rapid7blog
rapid7blog
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
2022-03-30 22:33:54
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02

0.003 Low

EPSS

Percentile

71.4%

JSON
Related for RHSA-2022:8761
ubuntucve5nvd7debiancve5osv15cvelist7redhatcve7prion7cve7veracode8redhat34nessus28spring1ibm40cgr1wolfi1githubexploit1openvas7broadcom1github6atlassian1f52ics1ubuntu1thn1debian1cert1suse1rapid7blog1checkpoint_security1