2 matches found
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
PT-2023-8635 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value...