Threats Tagged 'cve-2024-8391'

Red Hat has released an important security advisory (RHSA-2024:7052) for the Red Hat Build of Apache Camel 4. 4 for Quarkus 3. 8 (RHBQ 3. 8. 6. GA) addressing multiple vulnerabilities. These include an XXE vulnerability in various HL7 FHIR XSLT transforms (CVE-2024-45294), a denial of service vulnerability in Apache CXF JOSE components (CVE-2024-32007), unrestricted memory consumption in CXF HTTP clients (CVE-2024-41172), an elevation of privilege vulnerability in Azure Identity Libraries (CVE-2024-35255), and a message size limitation issue in Vertx gRPC server and client (CVE-2024-8391). The advisory aims to improve security and stability by providing an update that fixes these issues. Users are advised to back up their installations before applying the update. No known exploits in the wild have been reported at this time.

Red Hat JBoss EAP XP 5. 0 Update 1. 0 includes a security fix for CVE-2024-8391, which addresses an issue in the io. vertx/vertx-grpc server where the maximum message size was not limited. This vulnerability is categorized under CWE-770 and is rated as medium severity by Red Hat. The advisory provides an update release that includes the fix. No known exploits in the wild have been reported. The vendor advisory directs users to apply the update following official documentation.

Red Hat has released a security update for OpenShift Serverless Logic 1. 34. 0 addressing multiple vulnerabilities including a high-severity issue (CVE-2024-8391) where the Vertx gRPC server does not limit the maximum message size. Other fixed vulnerabilities include server-side request forgery in axios, improper input handling in Express redirects, code execution in the Send library, improper sanitization in serve-static, and a DOM clobbering vulnerability in webpack. These issues affect various components used within the OpenShift Serverless environment. The update includes security fixes, bug fixes, and enhancements. Red Hat rates the security impact as Important and recommends applying this update after ensuring all previous errata are applied.

This release of Red Hat build of Quarkus 3.8.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Security Fix(es): * EMBARGOED CVE-2024-3653 io.quarkus/quarkus-undertow: undertow: LearningPushHandler can lead to remote memory DoS attacks [quarkus-3.8] * CVE-2024-8391 io.vertx.vertx-grpc-client: Vertx gRPC server does not limit the maximum message size [quarkus-3.8] * CVE-2024-8391 io.vertx.vertx-grpc-server: Vertx gRPC server does not limit the maximum message size [quarkus-3.8]