This release of Red Hat Integration – Service Registry 2.4.3 GA includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References