Red hat integration service registry

This hub aggregates every CVE we track for Red hat integration service registry, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

DevTools & CIon-premother

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH13MEDIUM8LOW3CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Red hat integration service registry.

CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, ...7.3Jan 2, 2024
CVE-2023-31582jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.7.5Oct 24, 2023
CVE-2023-39410Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK7.5Sep 29, 2023
CVE-2023-3223Undertow: outofmemoryerror due to @multipartconfig handling7.5Sep 27, 2023
CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
CVE-2023-4853Quarkus: http security policy bypass8.1Sep 20, 2023
CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5Sep 14, 2023
CVE-2023-29409Large RSA keys can cause high CPU usage in crypto/tls5.3Aug 2, 2023
CVE-2023-34462netty-handler SniHandler 16MB allocation6.5Jun 22, 2023
CVE-2023-26049Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty2.4Apr 18, 2023
CVE-2023-26048OutOfMemoryError for large multipart without filename in Eclipse Jetty5.3Apr 18, 2023
CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client ...3.7Mar 3, 2023

Product normalization is registry-driven with AI assist and human review. How it works