Redhat Integration Camel K — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Integration Camel K, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2023-4853 — CVSS 8.1 (high): A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting…
CVE-2024-7885 — CVSS 7.5 (high): A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests…
CVE-2022-1278 — CVSS 7.5 (high): A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2022-2053 — CVSS 7.5 (high): When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit…
CVE-2022-4244 — CVSS 7.5 (high): A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories…
CVE-2022-4492 — CVSS 7.5 (high): The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2020-14326 — CVSS 7.5 (high): A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower…
CVE-2021-3690 — CVSS 7.5 (high): A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2022-0084 — CVSS 7.5 (high): A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another…
CVE-2022-1259 — CVSS 7.5 (high): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial…
CVE-2021-20218 — CVSS 7.4 (high): A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause…
CVE-2021-4178 — CVSS 6.7 (medium): A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly…
CVE-2021-3642 — CVSS 5.3 (medium): A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer…
CVE-2022-2764 — CVSS 4.9 (medium): A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
CVE-2021-3536 — CVSS 4.8 (medium): A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible…
CVE-2022-4245 — CVSS 4.3 (medium): A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a -->…
CVE-2022-41862 — CVSS 3.7 (low): In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport…