Metric | Value |
---|---|
CVSS3 | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score | 9.2 High |
Confidence | High |
EPSS | 0.001 Low |
Percentile | 29.5% |

A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is processed (deserialized) before the security constraints are evaluated and applied. This does not happen with configuration-based security.

CPE | Name | Operator | Version |
---|---|---|---|
quarkus:quarkus | quarkus | lt | 2.13.9 |
quarkus:quarkus | quarkus | lt | 3.2.9 |

```json
[
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 2.13.9.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-resteasy",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.13.9.Final-redhat-00003",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:2.13"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 3.2.9.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-resteasy",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.2.9.Final-redhat-00003",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:3.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of OptaPlanner 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "quarkus-resteasy-reactive",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:optaplanner:::el6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel K",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "resteasy-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:integration:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel Quarkus",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "quarkus-resteasy-reactive",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:camel_quarkus:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Fuse 7",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "resteasy",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_fuse:7"
    ]
  }
]
```