RHSA-2023:3906: Important: Red Hat Integration Camel K 1.10.1 release security update
A security update for Camel K 1.10.1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed with this release.

Security fixes included in this release:

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
codehaus-plexus: Directory Traversal (CVE-2022-4244)
codehaus-plexus: XML External Entity (XXE) Injection (CVE-2022-4245)
scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
jdbc-postgresql: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
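The advisory names the affected components but not their Maven coordinates. The following triage script, added here as an example and not part of the advisory or of the Camel K project, parses `mvn dependency:list` output for an integration's build and flags any dependency that belongs to one of the six components above so it can be checked against the CVE links. The groupId:artifactId mapping, the sample dependency lines, and the helper names are assumptions made for the example; the script only flags presence, it does not decide whether a given version is fixed, because the advisory's remedy is the Camel K 1.10.1 release rather than individual library versions.

```python
import re
from dataclasses import dataclass

# Components listed in RHSA-2023:3906 mapped to the Maven coordinates they are
# assumed to ship under. The advisory names only the project; these
# groupId:artifactId pairs are an assumption for this example.
AFFECTED = {
    "net.minidev:json-smart": ("CVE-2023-1370",),
    "org.codehaus.plexus:plexus-utils": ("CVE-2022-4244", "CVE-2022-4245"),
    "org.eclipse.californium:scandium": ("CVE-2022-39368",),
    "org.postgresql:postgresql": ("CVE-2022-41946",),
    "org.apache.cxf:cxf-core": ("CVE-2022-46363",),
}

# One `mvn dependency:list` line: [INFO]    group:artifact:type[:classifier]:version:scope
DEP_LINE = re.compile(
    r"^\[INFO\]\s+([^:\s]+):([^:\s]+):([^:\s]+):(?:([^:\s]+):)?([^:\s]+):(\w+)"
)


@dataclass(frozen=True)
class Finding:
    coordinate: str   # groupId:artifactId
    version: str      # version as resolved by Maven
    scope: str        # compile, runtime, test, ...
    cves: tuple       # CVEs from the advisory that concern this component


def parse_dependency_list(text):
    """Return (coordinate, version, scope) for every dependency line in text."""
    deps = []
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if m:
            group, artifact, _type, _classifier, version, scope = m.groups()
            deps.append((f"{group}:{artifact}", version, scope))
    return deps


def triage(text):
    """Flag dependencies that belong to a component named in the advisory."""
    findings = []
    for coordinate, version, scope in parse_dependency_list(text):
        if coordinate in AFFECTED:
            findings.append(Finding(coordinate, version, scope, AFFECTED[coordinate]))
    return findings


def report(findings):
    """Render findings one per line; test-scoped hits are marked for lower priority."""
    lines = []
    for f in findings:
        note = " (test scope only)" if f.scope == "test" else ""
        lines.append(f"{f.coordinate}:{f.version} -> {', '.join(f.cves)}{note}")
    return lines


# Constructed sample of `mvn dependency:list` output (not real build output).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.camel:camel-core:jar:3.18.3:compile
[INFO]    net.minidev:json-smart:jar:2.4.8:compile
[INFO]    org.codehaus.plexus:plexus-utils:jar:3.4.1:compile
[INFO]    org.apache.cxf:cxf-core:jar:3.5.3:compile
[INFO]    org.postgresql:postgresql:jar:42.5.0:test
[INFO]    junit:junit:jar:4.13.2:test
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE)):
        print(line)
```

Run it against the real output of `mvn dependency:list` for the integration's project; every flagged coordinate then needs a manual check against the CVE links in the References section, and the fix itself is to move the deployment to Camel K 1.10.1.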
Frequently Asked Questions
What is the severity of RHSA-2023:3906?
The severity of RHSA-2023:3906 is classified as Important, the rating Red Hat assigns to the advisory as a whole. Each of the six fixed vulnerabilities, including the uncontrolled resource consumption issue in json-smart (CVE-2023-1370), has its own CVSS base score available from the CVE links in the References section.
How do I fix RHSA-2023:3906?
To fix RHSA-2023:3906, update Camel K to release 1.10.1 or later. This is a text-only errata, so there is no separate package to install; the fixes are delivered with the 1.10.1 release itself.
What vulnerability does RHSA-2023:3906 address?
RHSA-2023:3906 addresses six vulnerabilities: uncontrolled resource consumption in json-smart (CVE-2023-1370), directory traversal and XXE injection in codehaus-plexus (CVE-2022-4244, CVE-2022-4245), DTLS handshake throttling that can block record processing in scandium (CVE-2022-39368), an information leak of prepared statement data through insecure temporary file permissions in the PostgreSQL JDBC driver (CVE-2022-41946), and directory listing / code exfiltration in Apache CXF (CVE-2022-46363).
Who is affected by RHSA-2023:3906?
Users of Camel K releases earlier than 1.10.1 are affected by RHSA-2023:3906; 1.10.1 is the release that carries the fixes.
What is json-smart in the context of RHSA-2023:3906?
In the context of RHSA-2023:3906, json-smart is a JSON parsing library shipped as a dependency of Camel K; its uncontrolled resource consumption issue (CVE-2023-1370) is one of the six vulnerabilities fixed by this security update.