4 matches found
Design/Logic Flaw
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed deserialized prior to the security constraints being evaluated and applied. This does not happen with configuration based security...
CVE-2023-6267
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed deserialized prior to the security constraints being evaluated and applied. This does not happen with configuration based security...
CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed deserialized prior to the security constraints being evaluated and applied. This does not happen with configuration based security...
CVE-2023-6267
CVE-2023-6267 affects Quarkus: a deserialization flaw in the json payload when REST resources are secured with annotation-based security can allow remote code execution. Deserialization occurs before security checks, unlike configuration-based security. Affected records corroborate an unsafe-dese...