12 matches found
com.github.mcollovati:quarkus-hilla-commons-deployment (>=2.4.1 <=2.5.0-alpha2), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.5.0-alpha2) +51 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =3.3.0, =2.4.1, =2.0.0, =2.4.1, =0.32.0, =0.32.0, =0.0.0, =0.5.0, =0.2.0, =0.6.3, =0.1.0, =0.1.0, =0.1.0, =0.7.1 and more Source cves: CVE-2023-5675 So...
io.quarkiverse.cxf:quarkus-cxf-integration-test-hc5 (>=2.7.0 <=2.7.0.CR2), io.quarkiverse.renarde:quarkus-renarde (>=3.0.8 <=3.0.9) +64 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.7.0 <=3.7.0.CR1)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.7.0, =2.7.0, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.9 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4), com.github.mcollovati:quarkus-hilla-deployment (>=1.0.0 <=2.0.0-alpha1) +44 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=1.11.0.Beta1 <=3.2.0.Final)
io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =1.11.0.Beta1, =1.0.0, =0.8.0, =0.8.0, =1.0.0, =1.0.3, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =1.30.0, =1.1.1.Final, =2.13.0.CR1, =3.2.0.Final and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25...
br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +237 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=1.11.0.Beta1 <=3.2.0.Final)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.3.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.3.2, =1.0.22, =1.0.22, =1.3.3 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
cn.sliew:carp-ageiport-server (>=0.0.10 <=0.0.14), com.abavilla:fpi-bot-api (>=1.8.1 <=1.8.5) +190 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.3.0, =0.0.10, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.0.29, =1.0.29, =1.6.1, =1.6.1, =1.5.1, =1.5.1, =1.6.0 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
CVE-2023-5675 vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
CVE-2023-5675 vulnerabilities
Vulnerabilities for packages: keycloak...
CVE-2023-5675
CVE-2023-5675 affects Quarkus RestEasy Classic/Reactive JAX-RS endpoints where methods are declared in abstract classes or altered by extensions via annotation processors; authorization may not be enforced when quarkus.security.jaxrs.deny-unannotated-endpoints or quarkus.security.jaxrs.default-ro...
CVE-2023-5675 Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used.
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for February 2023.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF002. Vulnerability Details CVEID:CVE-2023-6267 DESCRIPTION: Quarkus could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the json payload when...
CVE-2023-5675
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.9.SP1 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...