PT-2025-26642 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.24.0 Description: The issue is related to a potential data leak when duplicating a duplicated context in Quarkus, which extensively uses the Vert.x duplicated context to implement context propagation. This can caus...

com.github.mcollovati:quarkus-hilla-commons-deployment (>=2.4.1 <=2.5.0-alpha2), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.5.0-alpha2) +51 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=3.3.0 <=3.6.8)

io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =3.3.0, =2.4.1, =2.0.0, =2.4.1, =0.32.0, =0.32.0, =0.1-preview, =0.0.0, =0.5.0, =0.2.0, =0.6.3, =0.1.0, =0.1.0, =0.1.0, =0.7.1 and more Source cves: CVE-2023-5675https://vulners.com/cve/C...

com.abavilla:fpi-bot-api (>=1.6.0 <=1.8.0), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.8.0) +18 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=3.0.0.Alpha1 <=3.2.5.Final)

io.quarkus:quarkus-keycloak-authorization MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...