Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat Integration: RHSA-2023-2099-01 Critical: Spring Boot DoS Issues

red hat
Calendar Grey May 3, 2023
Dist Redhat Esm H88
Recent updates in Red Hat Integration Camel focus on crucial security enhancements, addressing vulnerabilities and improving resource management to prevent DoS threats.
A patch is now available for Camel for Spring Boot 3.18.3

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

A patch is now available for Camel for Spring Boot 3.18.3. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Security Fix(es):
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory DoS resource exhaustion Red Hat Integration Camel spring expression

References

https://access.redhat.com/security/cve/CVE-2023-1370 https://access.redhat.com/security/cve/CVE-2023-20863 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2 https://access.redhat.com/security/updates/classification#important

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:2099-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2099
Issue date: 2023-05-03

Topic

A patch is now available for Camel for Spring Boot 3.18.3. The purpose ofthis text-only errata is to inform you about the security issues fixed inthis release.Red Hat Product Security has rated this update as having an impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory DoS resource exhaustion Red Hat Integration Camel spring expression

Relevant Releases Architectures

Bugs Fixed

2187742 - CVE-2023-20863 springframework: Spring Expression DoS Vulnerability

2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here