The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory.
– minimist: prototype pollution (CVE-2021-44906)
– netty: world readable temporary file containing sensitive data (CVE-2022-24823)
– com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More