Red hat fuse

This hub aggregates every CVE we track for Red hat fuse, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat fuse.

• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2025-48734Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default8.8May 28, 2025
• CVE-2024-12798JaninoEventEvaluator vulnerability7.3Dec 19, 2024
• CVE-2024-6162Undertow: url-encoded request path information can be broken on ajp-listener7.5Jun 20, 2024
• CVE-2024-4067Regular Expression Denial of Service in micromatch5.3May 13, 2024
• CVE-2023-39410Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK7.5Sep 29, 2023
• CVE-2023-40167Jetty accepts "+" prefixed value in Content-Length5.3Sep 15, 2023
• CVE-2023-22602Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request7.5Jan 14, 2023
• CVE-2022-42920Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing9.8Nov 7, 2022
• CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http5.5May 6, 2022
• CVE-2021-44906Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).9.8Mar 17, 2022
• CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5Mar 11, 2022
• CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5Dec 9, 2021
• CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was rece...7.5Oct 19, 2021
• CVE-2021-38153Timing Attack Vulnerability for Apache Kafka Connect and Clients5.9Sep 22, 2021