7 matches found
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.5 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
Important: Red Hat Security Advisory: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update
An update is now available for Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
CVE-2022-4147
creationtimestamp| type| source ---|---|--- 2022-12-06 22:40:59+00:00| seen| https://t.me/cibsecurity/54091...
br.com.labbs:quarkus-monitor (>=0.1.5 <=0.3.0), br.com.labbs:quarkus-monitor-deployment (>=0.1.5 <=0.3.0) +1513 more potentially affected by CVE-2022-4147 via io.quarkus:quarkus-vertx-http (>=0.23.0 <=2.13.4.Final)
io.quarkus:quarkus-vertx-http MAVEN version =0.23.0, =0.1.5, =0.1.5, =1.0.2, =1.0.2, =1.0.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.0.22, =1.0.22, =1.0.30 and more Source cves: CVE-2022-4147 Source advisory: OSV:GHSA-9895-G6X5-XWCP...
com.abavilla:fpi-bot-api (>=1.2.0 <=1.4.2), com.abavilla:fpi-bot-api-core (>=1.2.0 <=1.3.1) +696 more potentially affected by CVE-2022-4147 via io.quarkus:quarkus-vertx-http (>=2.14.0.CR1 <=2.14.1.Final)
io.quarkus:quarkus-vertx-http MAVEN version =2.14.0.CR1, =1.2.0, =1.2.0, =1.2.0, =1.3.2, =1.5.0, =1.5.0, =1.2.1, =1.2.1, =1.2.1, =1.3.2, =1.2.0, =1.2.0, =1.2.0, =1.3.3, =1.4.1 - com.abavilla:fpi-meta-plugin =1.0.19 and more Source cves: CVE-2022-4147 Source advisory: OSV:GHSA-9895-G6X5-XWCP...
CVE-2022-4147
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in...
CVE-2022-4147
CVE-2022-4147 affects the Quarkus CORS filter. The issue allows simple GET/POST requests with an invalid Origin to proceed, potentially enabling cross-origin abuse. The description in multiple sources notes that such requests (e.g., XMLHttpRequest-based) can bypass origin checks when the request ...