9 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain unauthorized access to protected resources by appending a semicolon and arbitrary text to the request URL, exploiting...
EUVD-2024-54455
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.15.6 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
CVE-2024-12225
CVE-2024-12225 affects Quarkus, specifically the quarkus-security-webauthn module. The vulnerability arises because default REST endpoints for user registration/login remain accessible when developers add custom endpoints, potentially allowing an attacker to obtain a login cookie with no correspo...
Quarkus security vulnerability
Quarkus is a cloud-native, Linux container-first framework for writing Java applications, open-sourced by Quarkus. A security vulnerability exists in Quarkus that stems from a default REST endpoint in the quarkus-security-webauthn module that is not disabled, which could lead to arbitrary user login...
io.quarkus:quarkus-security-webauthn-deployment (>=3.0.0.Alpha1 <=3.18.0), io.quarkus:quarkus-test-security-webauthn (>=3.0.0.Alpha1 <=3.18.0) potentially affected by CVE-2024-12225 via io.quarkus:quarkus-security-webauthn (>=3.0.0.Alpha1 <=3.18.0)
io.quarkus:quarkus-security-webauthn MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.0.0.Alpha1, =3.18.0 Source cves: CVE-2024-12225 Source advisory: SNYK:JAVA-IOQUARKUS-9376953...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel through the default REST endpoints. An attacker can bypass authentication controls and potentially log in as an existing user without proper credentials by exploiting these...
Quarkus security vulnerability
Quarkus is a cloud-native Linux container-first framework for writing Java applications open-sourced by Quarkus. A security vulnerability exists in Quarkus that stems from a request parameter being leaked between concurrent requests if the endpoint is injected using a field that does not have a C...
Quarkus security vulnerability
Quarkus is a cloud-native, Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus quarkus-vertx-http. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor announcement...