Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:9023
HistoryDec 14, 2022 - 1:13 p.m.

(RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update

2022-12-1413:13:39
access.redhat.com
16

0.971 High

EPSS

Percentile

99.8%

JSON

This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug
fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

  • CVE-2022-4147 quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus

  • CVE-2022-4116 quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

  • CVE-2022-37734 graphql-java: DoS by malicious query

  • CVE-2022-3171 protobuf-java: timeout in parser leads to DoS

  • CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE

  • CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

  • CVE-2022-42004 jackson-databind: use of deeply nested arrays

  • CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 23
redhat 6
ibm 71
gentoo 1
openvas 13
mageia 1
debian 1
osv 11
cgr 2
debiancve 2
redhatcve 3
cve 4
veracode 3
almalinux 1
alpinelinux 1
wolfi 2
oraclelinux 1
github 3
fedora 2
prion 5
cvelist 3
freebsd 1
rocky 1
ubuntucve 2
f5 1
malwarebytes 1
githubexploit 20
qualysblog 1
atlassian 8
paloalto 1
metasploit 1
rapid7blog 1
wallarmlab 1
zdt 1
nessus
nessus
Oracle Primavera Gateway (Jan 2023 CPU)
2023-01-20 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
Oracle GoldenGate (April 2023 CPU)
2023-04-19 00:00:00
redhat
redhat
(RHSA-2023:1006) Important: Red Hat build of Quarkus 2.7.7 release and security update
2023-03-08 14:51:11
(RHSA-2023:0261) Critical: Satellite 6.12.1 Async Security Update
2023-01-18 14:49:14
(RHSA-2022:8957) Important: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update
2022-12-13 13:18:12
ibm
ibm
Security Bulletin: Maximo Application Suite is vulnerable to CVE-2022-42003 and CVE-2022-42004 per jackson-databind dependency
2023-03-24 21:44:35
Security Bulletin: Vulnerabilities in FasterXML affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (CVE-2022-42003, CVE-2022-42004)
2023-01-30 09:20:59
Security Bulletin: FasterXML jackson-databind is vulnerable to CVE-2022-42003 and CVE-2022-42004 used in IBM Maximo Application Suite
2023-05-02 17:56:02
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Debian: Security Advisory (DLA-3207-1)
2022-11-28 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
debian
debian
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
osv
osv
CVE-2022-37734
2022-09-12 14:15:09
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
2022-09-13 00:00:39
Moderate: postgresql-jdbc security update
2023-01-23 00:00:00
cgr
cgr
CVE-2022-31197 vulnerabilities
2024-05-19 03:07:16
CVE-2022-42004 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2022-31197
2022-08-03 19:15:00
CVE-2022-42889
2022-10-13 13:15:00
redhatcve
redhatcve
CVE-2022-37734
2022-09-14 13:14:43
CVE-2022-31197
2022-09-23 18:18:48
CVE-2022-42889
2022-10-17 16:42:02
cve
cve
CVE-2022-37734
2022-09-12 14:15:00
CVE-2022-31197
2022-08-03 19:15:00
CVE-2022-42889
2022-10-13 13:15:00
veracode
veracode
SQL Injection
2022-08-03 22:36:24
Denial Of Services (DoS)
2022-09-13 06:20:23
Arbitrary Code Execution
2022-10-14 18:57:11
almalinux
almalinux
Moderate: postgresql-jdbc security update
2023-01-23 00:00:00
alpinelinux
alpinelinux
CVE-2022-31197
2022-08-03 19:15:00
wolfi
wolfi
CVE-2022-31197 vulnerabilities
2024-05-29 03:07:31
CVE-2022-42004 vulnerabilities
2024-05-29 03:07:31
oraclelinux
oraclelinux
postgresql-jdbc security update
2023-01-24 00:00:00
github
github
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
2022-08-06 05:51:38
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
2022-09-13 00:00:39
Arbitrary code execution in Apache Commons Text
2022-10-13 19:00:17
fedora
fedora
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.26-1.fc35
2022-10-05 01:04:52
[SECURITY] Fedora 36 Update: postgresql-jdbc-42.3.1-4.fc36
2022-10-05 01:01:52
prion
prion
Design/Logic Flaw
2022-09-12 14:15:00
Sql injection
2022-08-03 19:15:00
Code injection
2022-10-02 05:15:00
cvelist
cvelist
CVE-2022-37734
2022-09-12 13:14:35
CVE-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
2022-08-03 00:00:00
CVE-2022-42889 Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
2022-10-13 00:00:00
freebsd
freebsd
puppetdb -- Potential SQL injection
2022-08-03 00:00:00
rocky
rocky
postgresql-jdbc security update
2023-01-23 14:30:09
ubuntucve
ubuntucve
CVE-2022-31197
2022-08-03 00:00:00
CVE-2022-42889
2022-10-13 00:00:00
f5
f5
K24823443 : Apache Commons Text vulnerability CVE-2022-42889
2022-10-19 00:00:00
malwarebytes
malwarebytes
Why Log4Text is not another Log4Shell
2022-10-19 19:00:00
githubexploit
githubexploit
Exploit for Code Injection in Apache Commons Text
2022-10-23 13:42:23
Exploit for Code Injection in Apache Commons Text
2022-10-24 15:28:02
Exploit for Code Injection in Apache Commons Text
2022-10-18 09:58:00
qualysblog
qualysblog
CVE-2022-42889: Detect Text4Shell via Qualys Container Security
2022-10-25 21:55:05
atlassian
atlassian
FasterXML Vulnerability in Bitbucket Data Center and Server
2023-10-06 17:45:26
Upgrade OpenSearch to 1.3.7 to mitigate CVE-2022-42889
2022-12-06 23:56:26
Upgrade Apache Commons-text for CVE-2022-42889
2022-11-10 17:03:03
paloalto
paloalto
Impact of Apache Text Commons Vulnerability CVE-2022-42889
2022-11-09 17:00:00
metasploit
metasploit
Apache Commons Text RCE
2023-12-24 19:13:50
rapid7blog
rapid7blog
CVE-2022-42889: Keep Calm and Stop Saying "4Shell"
2022-10-17 20:36:16
wallarmlab
wallarmlab
New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889
2022-10-18 05:02:38
zdt
zdt
Apache Commons Text 1.9 Remote Code Execution Exploit
2024-01-21 00:00:00

0.971 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2022:9023
nessus23redhat6ibm71gentoo1openvas13mageia1debian1osv11cgr2debiancve2redhatcve3cve4veracode3almalinux1alpinelinux1wolfi2oraclelinux1github3fedora2prion5cvelist3freebsd1rocky1ubuntucve2f51malwarebytes1githubexploit20qualysblog1atlassian8paloalto1metasploit1rapid7blog1wallarmlab1zdt1