CVE-2022-4147

2022-12-0600:00:00

CWE-1026

redhat

www.cve.org

quarkus

cors

get requests

post requests

xmlhttprequest

readablestream

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "quarkus-2",
    "versions": [
      {
        "version": "2",
        "status": "affected"
      }
    ]
  }
]