RHSA-2022:5029: Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update
This release of Red Hat build of Eclipse Vert.x 4.2.7 GA includes security updates. For more information, see the release notes listed in the References section.Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:5029?
The severity of RHSA-2022:5029 is classified as moderate.
What vulnerabilities are addressed in RHSA-2022:5029?
RHSA-2022:5029 addresses a denial of service vulnerability in jackson-databind due to a large depth of nested objects, identified as CVE-2020-36518.
How do I fix RHSA-2022:5029?
To fix RHSA-2022:5029, update the Red Hat build of Eclipse Vert.x to the latest version that includes the security patches.
What software is affected by RHSA-2022:5029?
RHSA-2022:5029 affects the Red Hat build of Eclipse Vert.x 4.2.7 GA.
Is there a workaround for RHSA-2022:5029?
There is no specific workaround mentioned for RHSA-2022:5029; the recommended action is to apply the security update.