QID 239354
Date Published: 2021-06-03
QID 239354: Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.7 (RHSA-2021:2047)
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es): velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936) netty: Information disclosure via the local system temporary directory (CVE-2021-21290) netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
Affected Products:
JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
On successful exploitation, it could allow an attacker to execute code.
Refer to Red Hat security advisory RHSA-2021:2047 to address this issue and obtain more information.
- RHSA-2021:2047 -
access.redhat.com/errata/RHSA-2021:2047?language=en
CVEs related to QID 239354
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:2047 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2021:2047?language=en |