API Security Blog

(RHSA-2023:3815) Important: Service Registry (container images) release and security update [2.4.3 GA]

This release of Red Hat Integration – Service Registry 2.4.3 GA includes the following security fixes.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)

* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)

* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)

* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)

* woodstox-core: using woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)

* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)

* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)
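Several of the fixes above are generic vulnerability classes rather than product-specific bugs. The prototype-pollution entry for json-pointer (CVE-2022-4742) is the easiest to show in a few lines: a JSON Pointer (RFC 6901) setter that walks an object with plain property access will happily descend through `__proto__` and write to `Object.prototype`. The example below is added here for illustration; it is not code from the advisory or from the json-pointer package. The function names, the naive setter, the hardened setter and the `/__proto__/isAdmin` pointer are all constructed for the demonstration.

```javascript
// Added illustration of the JSON Pointer prototype-pollution class.
// Not the json-pointer package's code: a minimal RFC 6901 "set" written here,
// first in a naive form and then hardened.

// Decode one RFC 6901 reference token: "~1" -> "/", then "~0" -> "~".
function unescapeToken(token) {
  return token.replace(/~1/g, '/').replace(/~0/g, '~');
}

// Split a pointer such as "/a/b~1c" into its reference tokens ["a", "b/c"].
function parsePointer(pointer) {
  if (pointer === '') return [];
  if (pointer[0] !== '/') throw new Error('invalid JSON Pointer: ' + pointer);
  return pointer.slice(1).split('/').map(unescapeToken);
}

// Naive setter: walks (and creates) intermediate nodes with plain property
// access. A pointer like "/__proto__/isAdmin" therefore steps into
// Object.prototype and writes there, polluting every object in the process.
function naiveSet(target, pointer, value) {
  const tokens = parsePointer(pointer);
  let node = target;
  for (let i = 0; i < tokens.length - 1; i++) {
    const t = tokens[i];
    if (typeof node[t] !== 'object' || node[t] === null) node[t] = {};
    node = node[t];
  }
  node[tokens[tokens.length - 1]] = value;
  return target;
}

// Tokens that can reach a prototype from any plain object.
const FORBIDDEN_TOKENS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened setter: rejects prototype-reaching tokens, only descends into
// own properties, and creates null-prototype intermediates.
function safeSet(target, pointer, value) {
  const tokens = parsePointer(pointer);
  if (tokens.length === 0) throw new Error('cannot replace the root with set');
  for (const t of tokens) {
    if (FORBIDDEN_TOKENS.has(t)) throw new Error('refused prototype-reaching token: ' + t);
  }
  let node = target;
  for (let i = 0; i < tokens.length - 1; i++) {
    const t = tokens[i];
    const own = Object.prototype.hasOwnProperty.call(node, t);
    if (!own || typeof node[t] !== 'object' || node[t] === null) {
      node[t] = Object.create(null);
    }
    node = node[t];
  }
  node[tokens[tokens.length - 1]] = value;
  return target;
}

// Demonstration with a constructed attacker-controlled pointer.
// Returns whether the naive setter leaked into unrelated objects, whether
// the hardened setter refused the same input, and whether the process is
// clean again afterwards.
function demoPollution() {
  naiveSet({}, '/__proto__/isAdmin', true);
  const leaked = ({}).isAdmin === true;   // true: an unrelated object now has isAdmin
  delete Object.prototype.isAdmin;        // undo the pollution for the rest of the process

  let safeRefused = false;
  try {
    safeSet({}, '/__proto__/isAdmin', true);
  } catch (e) {
    safeRefused = true;
  }
  return { leaked, safeRefused, stillClean: ({}).isAdmin === undefined };
}

module.exports = { parsePointer, naiveSet, safeSet, demoPollution };
```

The same pattern (deny `__proto__`, `constructor` and `prototype` as path segments, and walk only own properties) applies to any "set by path" helper, whether the path comes from a JSON Pointer, a dotted string or a merge of untrusted JSON.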

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
