Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
Security Fix(es):
snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
scala: deserialization gadget chain (CVE-2022-36944)
DoS of the Okio client when handling a crafted GZIP archive (CVE-2023-3635)
netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)
netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
netty: world readable temporary file containing sensitive data (CVE-2022-24823)
guava: insecure temporary directory creation (CVE-2023-2976)
Jetty servlets with multipart support may cause OOM error with client requests (CVE-2023-26048)
Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies (CVE-2023-26049)
bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
snappy-java: Integer overflow in shuffle leads to DoS (CVE-2023-34453)
snappy-java: Integer overflow in compress leads to DoS (CVE-2023-34454)
snappy-java: Unchecked chunk length leads to DoS (CVE-2023-34455)
Flaw in Netty’s SniHandler while navigating the TLS handshake, resulting in DoS (CVE-2023-34462)
RESTEasy: creation of insecure temp files (CVE-2023-0482)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.