Chapter 6. Fixed Common Vulnerabilities and Exposures

This section details the Common Vulnerabilities and Exposures (CVEs) fixed in the AMQ Broker 7.12 release.

  • ENTMQBR-8644 - TRIAGE CVE-2023-6717 keycloak: XSS via assertion consumer service URL in SAML POST-binding flow [amq-7]
  • ENTMQBR-8976 - TRIAGE CVE-2024-29025 netty-codec-http: Allocation of Resources Without Limits or Throttling [amq-7]
  • ENTMQBR-8927 - CVE-2024-22259 springframework: URL Parsing with Host Validation [amq-7]
  • ENTMQBR-8740 - CVE-2024-1132 keycloak: path traversal in redirection validation [amq-7]
  • ENTMQBR-8758 - CVE-2024-1249 keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe lead to DDoS [amq-7]
  • ENTMQBR-8626 - CVE-2023-6378 logback: serialization vulnerability in logback receiver [amq-7]
  • ENTMQBR-8627 - CVE-2023-6481 logback: serialization vulnerability in logback receiver [amq-7]
  • ENTMQBR-8953 - CVE-2024-29131 CVE-2024-29133 commons-configuration2: various flaws [amq-7]
  • ENTMQBR-8702 - CVE-2023-44981 zookeeper: Authorization Bypass in Apache ZooKeeper [amq-7]
  • ENTMQBR-8611 - CVE-2022-41678 activemq: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE [amq-7]
  • ENTMQBR-8225 - CVE-2023-24540 amq-broker-rhel8-operator-container: golang: html/template: improper handling of JavaScript whitespace [amq-7]
  • ENTMQBR-8227 - CVE-2022-21698 amq-broker-rhel8-operator-container: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [amq-7]
  • ENTMQBR-8238 - CVE-2022-21698 CVE-2023-24534 amq-broker-rhel8-operator-container: golang: net/http, net/textproto: denial of service from excessive memory allocation [amq-7]
  • ENTMQBR-8239 - CVE-2023-29400 amq-broker-rhel8-operator-container: golang: html/template: improper handling of empty HTML attributes [amq-7]
  • ENTMQBR-8240 - CVE-2023-24539 amq-broker-rhel8-operator-container: golang: html/template: incorrect sanitization of CSS values [amq-7]
  • ENTMQBR-8228 - CVE-2021-43565 amq-broker-rhel8-operator-container: golang.org/x/crypto: empty plaintext packet causes panic [amq-7]
  • ENTMQBR-8230 - CVE-2022-41723 amq-broker-rhel8-operator-container: net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [amq-7]
  • ENTMQBR-8236 - CVE-2023-24536 amq-broker-rhel8-operator-container: golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption [amq-7]
  • ENTMQBR-8237 - CVE-2023-24537 amq-broker-rhel8-operator-container: golang: go/parser: Infinite loop in resolve [amq-7]
  • ENTMQBR-8231 - CVE-2022-2879 amq-broker-rhel8-operator-container: golang: archive/tar: unbounded memory consumption when reading headers [amq-7]
  • ENTMQBR-8229 - CVE-2022-27664 amq-broker-rhel8-operator-container: golang: net/http: handle server error after send GOAWAY [amq-7]
  • ENTMQBR-8226 - CVE-2022-32189 amq-broker-rhel8-operator-container: golang: math/big: decoding big.Float and big.Rat types may allow denial of service if the encoded message is too short [amq-7]
  • ENTMQBR-8232 - CVE-2022-41715 amq-broker-rhel8-operator-container: golang: regexp/syntax: limit memory used by parsing regexps [amq-7]
  • ENTMQBR-8241 - CVE-2023-24538 amq-broker-rhel8-operator-container: golang: html/template: backticks not treated as string delimiters [amq-7]
  • ENTMQBR-8233 - CVE-2022-2880 amq-broker-rhel8-operator-container: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters [amq-7]
  • ENTMQBR-8234 - CVE-2022-41724 amq-broker-rhel8-operator-container: golang: crypto/tls: large handshake records may cause panics [amq-7]
  • ENTMQBR-8608 - CVE-2022-41678 activemq-broker-operator: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE [amq-7]
  • ENTMQBR-8235 - CVE-2022-41725 amq-broker-rhel8-operator-container: golang: net/http, mime/multipart: denial of service from excessive resource consumption [amq-7]
  • ENTMQBR-8671 - CVE-2023-51074 json-path: stack-based buffer overflow in Criteria.parse method [amq-7]
© 2024 Red Hat, Inc.