If the Quarkus Form Authentication session cookie Path attribute is set to /
then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
CPE | Name | Operator | Version |
---|---|---|---|
io.quarkus:quarkus-vertx-http | lt | 2.13.7.Final |