Redhat Process Automation vulnerabilities

CVE-2019-14892 [CRITICAL] CWE-200 CVE-2019-14892: A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

CVE-2019-14863 [MEDIUM] CWE-79 CVE-2019-14863: There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the conte There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

CVE-2019-14862 [MEDIUM] CWE-79 CVE-2019-14862: There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.