Redhat

Integration Camel K

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-7885

  • EPSS 6.4%
  • Published 21.08.2024 14:15:09
  • Last modified 25.09.2025 08:15:36

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection....

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

4.3

CVE-2022-4245

  • EPSS 0.14%
  • Published 25.09.2023 20:15:10
  • Last modified 21.11.2024 07:34:51

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML i...

7.5

CVE-2022-4244

  • EPSS 0.59%
  • Published 25.09.2023 20:15:10
  • Last modified 05.05.2025 14:12:14

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variation...

8.1

CVE-2023-4853

Exploit
  • EPSS 0.35%
  • Published 20.09.2023 10:15:14
  • Last modified 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

3.7

CVE-2022-41862

  • EPSS 0.2%
  • Published 03.03.2023 16:15:09
  • Last modified 07.03.2025 16:15:36

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing u...

7.5

CVE-2022-4492

  • EPSS 0.12%
  • Published 23.02.2023 20:15:12
  • Last modified 12.03.2025 15:15:38

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...

7.5

CVE-2022-1278

  • EPSS 0.88%
  • Published 13.09.2022 14:15:08
  • Last modified 21.11.2024 06:40:23

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

4.9

CVE-2022-2764

  • EPSS 0.12%
  • Published 01.09.2022 21:15:09
  • Last modified 21.11.2024 07:01:39

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.