Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:3809
HistoryJun 29, 2023 - 11:06 a.m.

(RHSA-2023:3809) Moderate: Red Hat build of Quarkus 2.13.8 release and security update

2023-06-2911:06:56
access.redhat.com
35
red hat
quarkus
security update
cve
bug fixes
enhancements
cvss score
uncontrolled recursion
gradle
graphql
oidc
resteasy
keycloak
apache james mime4j
temporary file
stack consumption

0.002 Low

EPSS

Percentile

62.0%

JSON

This release of Red Hat build of Quarkus 2.13.8 includes security updates, bug
fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fixes:

  • CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray [quarkus-2]

  • CVE-2023-26053 gradle: usage of long IDs for PGP keys is unsafe and is subject to collision attacks [quarkus-2]

  • CVE-2023-28867 graphql-java: crafted GraphQL query causes stack consumption [quarkus-2]

  • CVE-2023-1584 quarkus-oidc: ID and access tokens leak via the authorization code flow [quarkus-2]

  • CVE-2023-0482 RESTEasy: creation of insecure temp files [quarkus-2]

  • CVE-2022-3782 keycloak: path traversal via double URL encoding [quarkus-2]

  • CVE-2023-0481 io.quarkus-quarkus-parent: quarkus: insecure permissions on temp files [quarkus-2]

  • CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider [quarkus-2]

For more information about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, see the CVE links listed in the References section.

Related

ibm 58
nvd 9
osv 17
veracode 9
alpinelinux 1
redhatcve 9
cve 9
cvelist 9
prion 9
debiancve 3
ubuntucve 3
github 8
redhat 25
cnvd 1
amazon 2
ubuntu 1
nessus 24
atlassian 1
openvas 1
ibm
ibm
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty
2023-10-06 07:58:05
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty
2023-09-27 14:07:50
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access (CVE-2023-46158, CVE-2023-0482, CVE-2022-46364, CVE-2023-28867)
2024-01-17 15:30:23
nvd
nvd
CVE-2023-26053
2023-03-02 04:15:11
CVE-2022-45787
2023-01-06 10:15:10
CVE-2023-28867
2023-03-27 01:15:07
osv
osv
CVE-2023-26053
2023-03-02 04:15:11
BIT-gradle-2023-26053
2024-03-06 10:53:14
GraphQL Java vulnerable to stack consumption
2023-03-27 03:30:16
veracode
veracode
Information Disclosure
2023-01-08 03:34:35
Denial Of Services (DoS)
2023-05-15 07:07:55
Denial Of Services (DoS)
2023-03-31 04:30:33
alpinelinux
alpinelinux
CVE-2023-26053
2023-03-02 04:15:11
redhatcve
redhatcve
CVE-2023-26053
2023-03-02 14:30:26
CVE-2023-28867
2023-03-27 07:13:09
CVE-2022-45787
2023-03-14 19:43:01
cve
cve
CVE-2023-26053
2023-03-02 04:15:11
CVE-2023-28867
2023-03-27 01:15:07
CVE-2022-45787
2023-01-06 10:15:10
cvelist
cvelist
CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks
2023-03-02 03:11:31
CVE-2023-28867
2023-03-27 00:00:00
CVE-2022-45787 Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
2023-01-06 09:31:40
prion
prion
Code injection
2023-03-02 04:15:00
Information disclosure
2023-01-06 10:15:00
Design/Logic Flaw
2023-03-27 01:15:00
debiancve
debiancve
CVE-2023-26053
2023-03-02 04:15:11
CVE-2023-0482
2023-02-17 22:15:11
CVE-2023-1436
2023-03-22 06:15:09
ubuntucve
ubuntucve
CVE-2023-26053
2023-03-02 00:00:00
CVE-2023-0482
2023-02-17 00:00:00
CVE-2023-1436
2023-03-22 00:00:00
github
github
GraphQL Java vulnerable to stack consumption
2023-03-27 03:30:16
Apache James MIME4J vulnerable to information disclosure to local users
2023-01-06 12:31:34
Quarkus OIDC can leak both ID and access tokens
2023-10-04 12:30:14
redhat
redhat
(RHSA-2023:3815) Important: Service Registry (container images) release and security update [2.4.3 GA]
2023-06-27 11:27:30
(RHSA-2023:3185) Important: Red Hat AMQ Broker 7.10.3 release and security update
2023-05-17 13:55:59
(RHSA-2023:2713) Moderate: Red Hat Single Sign-On 7.6.3 security update
2023-05-10 11:57:32
cnvd
cnvd
Apache James licensing issue vulnerability
2023-01-11 00:00:00
amazon
amazon
Important: jettison
2023-05-25 17:41:00
Medium: resteasy-base
2024-01-03 21:04:00
ubuntu
ubuntu
Jettison vulnerability
2023-06-20 00:00:00
nessus
nessus
Amazon Linux 2 : jettison (ALAS-2023-2053)
2023-06-05 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 : Jettison vulnerability (USN-6179-1)
2023-06-20 00:00:00
Oracle Enterprise Manager Ops Center (January 2024 CPU)
2024-01-19 00:00:00
atlassian
atlassian
DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server
2024-02-14 10:47:14
openvas
openvas
Ubuntu: Security Advisory (USN-6179-1)
2023-06-21 00:00:00

0.002 Low

EPSS

Percentile

62.0%

JSON
Related for RHSA-2023:3809
ibm58nvd9osv17veracode9alpinelinux1redhatcve9cve9cvelist9prion9debiancve3ubuntucve3github8redhat25cnvd1amazon2ubuntu1nessus24atlassian1openvas1