729 matches found
CVE-2022-4116
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...
org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2), org.apache.camel.quarkus:camel-quarkus-coap (>=3.8.0 <=3.36.0) +32 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=3.0.0 <=3.6.0)
org.eclipse.californium:scandium MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...
org.apache.camel.quarkus:camel-quarkus-coap (>=2.13.1 <=2.15.0), org.apache.camel.quarkus:camel-quarkus-coap-deployment (>=2.13.1 <=2.15.0) +16 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=2.7.0 <=2.7.3)
org.eclipse.californium:scandium MAVEN version =2.7.0, =2.13.1, =2.13.1, =2.13.1, =3.18.3, =3.18.3, =2.7.0, =2.7.0, =2.7.0, =1.10.1, =1.10.1, =1.10.1, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.1 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...
Important: Red Hat Security Advisory: Red Hat build of Quarkus Platform 2.7.6.SP1 and security update
An update is now available for the Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For mo...
quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended...
Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...
HTTP Request Smuggling
Quarkus is vulnerable to HTTP request smuggling. The vulnerability exists in handle function in SmallRyeGraphQLAbstractHandler.java due to incomplete termination of the HTTP request header which allows an attacker to smuggle HTTP requests by submitting malicious headers...
Quarkus does not terminate HTTP requests header context
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. This issue was fixed in version 2.10.4Final...
GHSA-MWHW-6P27-4CRC Quarkus does not terminate HTTP requests header context
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. This issue was fixed in version 2.10.4Final...
CVE-2022-2466
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...
CVE-2022-2466
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...
Design/Logic Flaw
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...
CVE-2022-2466
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...
EUVD-2022-6884
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...
CVE-2022-2466
Summary: CVE-2022-2466 affects Quarkus 2.10.x due to incomplete termination of the HTTP request header context, enabling HTTP request smuggling as described in connected sources. The issue relates to the handle logic in SmallRyeGraphQLAbstractHandler.java and may cause unpredictable behavior. The...
CVE-2022-2466
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...
PT-2022-16781 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus versions 2.10.x through 2.10.3 Description: The issue is related to Quarkus not terminating HTTP requests header context, which may lead to unpredictable behavior. This is a problem in the framework that can cause unexpected outcomes...
Quarkus 环境问题漏洞
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus version 2.10.x that stems from an HTTP request header environment that will not terminate...
com.datastax.oss.quarkus:cassandra-quarkus-client (=1.0.0), com.datastax.oss.quarkus:cassandra-quarkus-client-deployment (>=1.0.0 <=1.1.1) +45 more potentially affected by CVE-2021-3914 via io.smallrye:smallrye-health-ui (>=2.2.3 <=3.1.1)
io.smallrye:smallrye-health-ui MAVEN version =2.2.3, =1.0.0, =1.0.4, =0.4.0, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.3.0.Beta1, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.2.1.Final, =1.2.2.Final and more Source cves: CVE-2021-3914 Source advisory: OSV:GHSA-PVC3-WVXR-7CMF...
io.github.xiaomisum:ryze-coap (=6.1.0), org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2) +34 more potentially affected by CVE-2022-2576 via org.eclipse.californium:californium-core (>=3.0.0 <=3.5.0)
org.eclipse.californium:californium-core MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-2576 Source advisory: OSV:GHSA-QQ3J-44GW-CF6R...