Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:2707
HistoryMay 06, 2024 - 2:08 p.m.

(RHSA-2024:2707) Important: Red Hat Build of Apache Camel security update

2024-05-0614:08:42
access.redhat.com
22
red hat apache camel
security update
cve-2023-5685
cve-2024-21733
cve-2023-2976
cve-2023-35116
cve-2023-51074

8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

  • xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)

  • tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)

  • guava: insecure temporary directory creation (CVE-2023-2976)

  • jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)

  • json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

osv 9
packetstorm 1
ibm 67
cve 5
f5 1
openvas 5
prion 4
zdt 1
cgr 2
redhat 19
nessus 39
cvelist 5
debiancve 5
hackerone 1
redhatcve 5
github 4
ubuntucve 5
nvd 5
veracode 4
vulnrichment 1
wolfi 2
atlassian 3
redos 1
cbl_mariner 1
tomcat 2
intel 1
mageia 1
osv
osv
CVE-2024-21733
2024-01-19 11:15:08
json-path Out-of-bounds Write vulnerability
2023-12-27 21:31:01
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
2024-01-19 12:30:18
packetstorm
packetstorm
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling
2024-02-01 00:00:00
ibm
ibm
Security Bulletin: Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway
2023-08-14 15:10:52
Security Bulletin: Json-path is vulnerable to CVE-2023-51074 used in IBM Maximo Application Suite - Monitor Component
2024-02-27 16:17:23
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-path [CVE-2023-51074]
2024-03-15 13:49:18
cve
cve
CVE-2023-51074
2023-12-27 21:15:08
CVE-2024-21733
2024-01-19 11:15:08
CVE-2023-5685
2024-03-22 19:15:07
f5
f5
K000138392 : Apache Tomcat vulnerability CVE-2024-21733
2024-01-29 00:00:00
openvas
openvas
Apache Tomcat Information Disclosure Vulnerability (Jan 2024) - Linux
2024-01-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0829-1)
2024-05-07 00:00:00
Apache Tomcat Information Disclosure Vulnerability (Jan 2024) - Windows
2024-01-19 00:00:00
prion
prion
Information disclosure
2024-01-19 11:15:00
Stack overflow
2023-12-27 21:15:00
Code injection
2023-06-14 14:15:00
zdt
zdt
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability
2024-02-01 00:00:00
cgr
cgr
CVE-2023-51074 vulnerabilities
2024-05-19 03:07:16
CVE-2023-2976 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
(RHSA-2024:0792) Moderate: Red Hat Integration Camel for Spring Boot 3.20.5 release and security update
2024-02-12 17:32:14
(RHSA-2023:7639) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update
2023-12-04 17:38:29
(RHSA-2023:7637) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update
2023-12-04 17:37:49
nessus
nessus
RHEL 6 : json-path (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLES12 Security Update : tomcat (SUSE-SU-2024:0829-1)
2024-03-13 00:00:00
RHEL 6 : jackson-databind (Unpatched Vulnerability)
2024-06-03 00:00:00
cvelist
cvelist
CVE-2023-51074
2023-12-27 00:00:00
CVE-2024-21733 Apache Tomcat: Leaking of unrelated request bodies in default error page
2024-01-19 10:29:04
CVE-2023-5685 Xnio: stackoverflowexception when the chain of notifier states becomes problematically big
2024-03-22 18:24:42
debiancve
debiancve
CVE-2023-51074
2023-12-27 21:15:08
CVE-2024-21733
2024-01-19 11:15:08
CVE-2023-35116
2023-06-14 14:15:00
hackerone
hackerone
Internet Bug Bounty: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client- Side Desync) (CWE: 444)
2024-01-19 18:09:45
redhatcve
redhatcve
CVE-2024-21733
2024-01-19 15:37:41
CVE-2023-5685
2024-03-05 17:11:25
CVE-2023-51074
2023-12-28 06:30:40
github
github
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
2024-01-19 12:30:18
json-path Out-of-bounds Write vulnerability
2023-12-27 21:31:01
XNIO denial of service vulnerability
2024-03-22 21:30:56
ubuntucve
ubuntucve
CVE-2023-51074
2023-12-27 00:00:00
CVE-2024-21733
2024-01-19 00:00:00
CVE-2023-5685
2024-03-22 00:00:00
nvd
nvd
CVE-2023-51074
2023-12-27 21:15:08
CVE-2024-21733
2024-01-19 11:15:08
CVE-2023-5685
2024-03-22 19:15:07
veracode
veracode
Sensitive Information Disclosure
2024-01-22 05:49:53
Denial Of Service (DoS)
2023-12-29 11:32:43
Denial Of Service (DoS)
2024-03-27 10:22:38
vulnrichment
vulnrichment
CVE-2023-5685 Xnio: stackoverflowexception when the chain of notifier states becomes problematically big
2024-03-22 18:24:42
wolfi
wolfi
CVE-2023-51074 vulnerabilities
2024-06-29 09:08:33
CVE-2023-2976 vulnerabilities
2024-06-29 09:08:33
atlassian
atlassian
com.google.guava:guava Dependency in Confluence Data Center and Server
2024-02-14 20:46:01
com.google.guava:guava Dependency in Jira Service Management Data Center and Server
2024-02-12 03:45:36
Info Disclosure com.google.guava:guava in Jira Software Data Center and Server
2023-11-14 03:45:23
redos
redos
ROS-20240507-03
2024-05-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-2976 affecting package javapackages-bootstrap for versions less than 1.5.0-5
2024-04-09 20:48:36
tomcat
tomcat
Fixed in Apache Tomcat 9.0.44
2021-03-10 00:00:00
Fixed in Apache Tomcat 8.5.64
2021-03-10 00:00:00
intel
intel
Intel® Unison™ Software Advisory
2024-02-13 00:00:00
mageia
mageia
Updated guava packages fix security vulnerabilities
2024-05-01 01:25:14

8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON
Related for RHSA-2024:2707
osv9packetstorm1ibm67cve5f51openvas5prion4zdt1cgr2redhat19nessus39cvelist5debiancve5hackerone1redhatcve5github4ubuntucve5nvd5veracode4vulnrichment1wolfi2atlassian3redos1cbl_mariner1tomcat2intel1mageia1