
RHEL 8 : Satellite 6.13 Release (Important) (RHSA-2023:2097)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2097 advisory:

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack (CVE-2022-22577)
rubygem-loofah: Inefficient regular expression leading to denial of service (CVE-2022-23514)
rubygem-loofah: Improper neutralization of data URIs leading to cross-site scripting (CVE-2022-23515)
rubygem-loofah: Uncontrolled recursion leading to denial of service (CVE-2022-23516)
rubygem-rails-html-sanitizer: Inefficient regular expression leading to denial of service (CVE-2022-23517)
rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to cross-site scripting (CVE-2022-23518)
rubygem-rails-html-sanitizer: Cross-site scripting vulnerability with certain configurations (CVE-2022-23519, CVE-2022-23520)
snakeyaml: Denial of service due to missing nested depth limitation for collections (CVE-2022-25857)
tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers (CVE-2022-27777)
rubygem-tzinfo: Arbitrary code execution (CVE-2022-31163)
activerecord: Possible RCE escalation bug with serialized columns in Active Record (CVE-2022-32224)
apache-commons-configuration: …
