6 matches found
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.5 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
Important: Red Hat Security Advisory: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update
An update is now available for Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...
br.com.labbs:quarkus-monitor-deployment (>=0.1.5 <=0.3.0), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +213 more potentially affected by CVE-2022-4116 via io.quarkus:quarkus-vertx-http-deployment (>=0.23.0 <=2.13.4.Final)
io.quarkus:quarkus-vertx-http-deployment MAVEN version =0.23.0, =0.1.5, =1.5.0-Alpha2, =1.0.0, =1.1.0, =0.0.10, =1.0.0, =1.0.0-RC3, =0.4.0, =0.4.0, =0.4.0, =0.20.0 and more Source cves: CVE-2022-4116 Source advisory: OSV:GHSA-G56W-CWG4-HXX9https://vulners.com/osv/OSV:GHSA...
io.quarkiverse.cxf:quarkus-cxf-deployment (=1.6.0), io.quarkiverse.cxf:quarkus-cxf-rt-features-logging-deployment (=1.6.0) +95 more potentially affected by CVE-2022-4116 via io.quarkus:quarkus-vertx-http-deployment (>=2.14.0.CR1 <=2.14.1.Final)
io.quarkus:quarkus-vertx-http-deployment MAVEN version =2.14.0.CR1, =2.14.1.Final is affected by a known vulnerability. The following packages have a transitive dependency on io.quarkus:quarkus-vertx-http-deployment and may be impacted: - io.quarkiverse.cxf:quarkus-cxf-deployment =1.6.0 -...
CVE-2022-4116
CVE-2022-4116 affects the Quarkus Dev UI Config Editor (quarkus_dev_ui). It enables drive-by localhost attacks leading to remote code execution. Red Hat's RHSA-2022:9023/8957 include a security fix in the Red Hat build of Quarkus (2.13.5 release) and advise updating; other advisories (GHSA OSV) d...