RHSA-2023:0544: Important: Red Hat Camel for Spring Boot 3.14.5 Patch 1 release and security update
This patch, Camel for Spring Boot 3.14.5 Patch 1, serves as a replacement for the previous release of Camel for Spring Boot 3.14.5 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. This release of Camel for Spring Boot includes CXF artifacts that were missing from the previous 3.14.5 release.Security Fix(es): CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) jettison: parser crash by stackoverflow (CVE-2022-40149) jettison: If the value in map is the map's self, the new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363) For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:0544?
RHSA-2023:0544 addresses vulnerabilities that have been classified with moderate severity.
How do I fix RHSA-2023:0544?
To fix RHSA-2023:0544, you should update to the latest version of Camel for Spring Boot as provided in the advisory.
What vulnerabilities are addressed in RHSA-2023:0544?
RHSA-2023:0544 includes fixes for several bugs and enhancements that improve the stability of Camel for Spring Boot.
Who is affected by RHSA-2023:0544?
All users of Red Hat Integration - Camel for Spring Boot version 3.14.5 are affected by RHSA-2023:0544.
Is there a release note for RHSA-2023:0544?
Yes, the release notes for RHSA-2023:0544 are documented and provide details on the fixes and enhancements.