Red Hat Integration - Camel Extensions for Quarkus 2.13.2 serves as a replacement for 2.7 and includes the following security fixes.
Security Fix(es):
jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
jettison: parser crash by stack overflow (CVE-2022-40149)
jackson-databind: use of deeply nested arrays (CVE-2022-42004)
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
xstream: XStream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
woodstox-core: Woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
xstream: XStream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40153)
xstream: XStream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40155)
xstream: XStream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
xstream: XStream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.