2 matches found
ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +787 more potentially affected by CVE-2024-1726 via io.quarkus.resteasy.reactive:resteasy-reactive (>=1.11.0.Beta1 <=3.2.10.Final)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =1.11.0.Beta1, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.7, =1.21.0, =1.28.0 and more Source cves: CVE-2024-1726 Source advisory: OSV:GHSA-MV64-86G8-CQQ7...
CVE-2024-1726 Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...