RHSA-2020:4379: Important: Red Hat build of Eclipse Vert.x 3.9.4 security update

Published Nov 9, 2020

Updated

This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.Security Fix(es): jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)(CVE-2020-25649) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.

Affected Software

1 affected component

Red Hat Eclipse Vert.x

Remediation

Event History

Nov 9, 2020

Advisory Published

12:00 AM

Data Sourced

12:00 AM

RemedyDescriptionAffected Software

Frequently Asked Questions

What is the severity of RHSA-2020:4379?

The severity of RHSA-2020:4379 is classified as important.

How do I fix RHSA-2020:4379?

To fix RHSA-2020:4379, update to the latest version of Red Hat build of Eclipse Vert.x.

What vulnerabilities are addressed in RHSA-2020:4379?

RHSA-2020:4379 addresses a security fix in the Jackson Databind library related to insecure entity expansion.

Is RHSA-2020:4379 applicable to all versions of Eclipse Vert.x?

RHSA-2020:4379 specifically applies to version 3.9.4 of Eclipse Vert.x.

When was RHSA-2020:4379 released?

RHSA-2020:4379 was released in December 2020.