Redhat Integration Camel K vulnerabilities

CVE-2022-4244 [HIGH] CWE-22 CVE-2022-4244: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) a A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on

CVE-2022-4245 [MEDIUM] CWE-91 CVE-2022-4245: A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fai A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CVE-2023-4853 [HIGH] CWE-148 CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permut A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.