7 matches found
Security Bulletin: Vulnerabilities in Quarkus-HTTP affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Quarkus-HTTP has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12397 DESCRIPTION: A...
at.meks.quarkiverse.axonframework-extension:quarkus-axon-metrics-deployment (>=0.1.0-RC2 <=0.1.0-quarkus-3.15-RC4), br.com.labbs:quarkus-monitor-deployment (>=0.1.5 <=0.3.0) +453 more potentially affected by CVE-2024-12397 via io.quarkus.http:quarkus-http-core (>=3.0.0.Alpha1 <=5.3.3)
io.quarkus.http:quarkus-http-core MAVEN version =3.0.0.Alpha1, =0.1.0-RC2, =0.1.5, =1.0.4, =1.8.0, =1.6.9, =1.5.0, =1.0.0, =1.1.0, =1.1.0, =1.0.0, =0.0.10, =1.0.0, =24.6.0-alpha2 and more Source cves: CVE-2024-12397 Source advisory: OSV:GHSA-CXRX-Q234-M22M...
CVE-2024-12397 vulnerabilities
Vulnerabilities for packages: keycloak-fips, keycloak, apicurio-registry...
CVE-2024-12397 vulnerabilities
Vulnerabilities for packages: apicurio-registry, keycloak...
CVE-2024-12397
creationtimestamp| type| source ---|---|--- 2024-12-12 09:08:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113639063433232775 2024-12-12 11:19:28+00:00| seen| https://t.me/cvedetector/12759 2025-03-19 17:20:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8096 2025-05-02...
CVE-2024-12397
CVE-2024-12397 describes a flaw in Quarkus-HTTP where cookies with certain value-delimiting characters are parsed incorrectly in incoming requests. This can allow an attacker to craft a cookie value to exfiltrate HttpOnly cookies or spoof additional cookie values, impacting data confidentiality a...
CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...