Key information

Vulnerability overview
Advisory ID: RHSA-2025:3543
Issued: 2025-04-02
Updated: 2025-04-02
Type/Severity: Security Advisory - Important

Affected products
Red Hat Integration - Camel for Spring Boot 1 x86_64

Fixed vulnerabilities
CVE-2024-57699: json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
CVE-2025-2240: io.smallrye-fault-tolerance-core: SmallRye Fault Tolerance
CVE-2025-22228: spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
CVE-2025-24970: io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
CVE-2025-27636: org.apache.camel/camel-http: bypass of header filters via specially crafted response
CVE-2025-27636: org.apache.camel/camel-http-basic: bypass of header filters via specially crafted response

Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Reference documentation: https://access.redhat.com/articles/1258

Reference links
Red Hat security update classification