CVE-2018-1270, which permitted a malicious user to craft a STOMP message that could lead to remote code execution, was not fully addressed in the 4.3.x branch of the Spring Framework.
Upstream commit: https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021
This issue has been addressed in the following products: Red Hat OpenShift Application Runtimes, via RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:1320
This issue has been addressed in the following products: Red Hat Fuse Integration Services 2.0 based on Fuse 6.3 R8, via RHSA-2018:2939 https://access.redhat.com/errata/RHSA-2018:2939