
89 matches found

RedhatCVE
added 2026/05/11 8:26 p.m. | 6 views

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/09 8:16 p.m. | 9 views

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3 CVSS | 0.00218 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/05/09 7:16 p.m. | 28 views

CVE-2026-42333 quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3 CVSS | 0.00218 EPSS
Exploits: 0 | References: 5

CVE
added 2026/05/09 7:16 p.m. | 6 views

CVE-2026-42333

CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...

6.3 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/09 7:16 p.m. | 7 views

CVE-2026-42333 quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/09 7:16 p.m. | 6 views

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2026/05/04 9:15 p.m. | 8 views

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary: The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

6.3 CVSS | 5.8 AI score | 0.00218 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

vulnersOsv
added 2026/05/04 9:15 p.m. | 5 views

io.quarkiverse.docling:quarkus-docling (>=0.0.1 <=0.0.4), io.quarkiverse.docling:quarkus-docling-deployment (>=0.0.1 <=0.0.4) +112 more potentially affected by CVE-2026-42333 via io.quarkiverse.openapi.generator:quarkus-openapi-generator (>=0.10.0 <=2.15.0)

io.quarkiverse.openapi.generator:quarkus-openapi-generator MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.1.0, =2.10.0, =0.4.0, =2.10.0, =2.15.0 - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel =10.2.0 - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel-deployment =10.2.0 -...

6.3 CVSS | 5.8 AI score | 0.00218 EPSS
Exploits: 0

Snyk
added 2026/05/04 9:15 p.m. | 6 views

Incorrect Implementation of Authentication Algorithm

Overview: Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the too broad path-template matching in the runtime authentication layer. An attacker can cause sensitive authentication credentials to be sent to unintended endpoints that may...

6.3 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/04 9:15 p.m. | 7 views

io.quarkiverse.docling:quarkus-docling (>=0.0.1 <=0.0.4), io.quarkiverse.docling:quarkus-docling-deployment (>=0.0.1 <=0.0.4) +54 more potentially affected by CVE-2026-42333 via io.quarkiverse.openapi.generator:quarkus-openapi-generator (>=2.0.0 <=2.11.0)

io.quarkiverse.openapi.generator:quarkus-openapi-generator MAVEN version =2.0.0, =0.0.1, =0.0.1, =2.0.0, =2.10.0, =2.10.0, =2.11.0-lts - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel =10.2.0 - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel-deployment =10.2.0 -...

6.3 CVSS | 5.8 AI score | 0.00218 EPSS
Exploits: 0

RedhatCVE
added 2026/04/14 1:22 a.m. | 1 views

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7 CVSS | 5.8 AI score | 0.00096 EPSS
Exploits: 1 | References: 1

NVD
added 2026/04/10 8:16 p.m. | 3 views

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7 CVSS | 0.00096 EPSS
Exploits: 1 | References: 3

EUVD
added 2026/04/10 7:35 p.m. | 2 views

EUVD-2026-21583

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7 CVSS | 5.8 AI score | 0.00096 EPSS
Exploits: 1 | References: 3

CVE
added 2026/04/10 7:35 p.m. | 9 views

CVE-2026-40180

CVE-2026-40180 affects Quarkus OpenAPI Generator’s ApicurioCodegenWrapper unzip() path: entries are extracted without validating that the resolved path stays inside the output directory, constructing destination as new File(toOutputDir, entry.getName()). This can allow path traversal (e.g., ../.....

8.7 CVSS | 5.8 AI score | 0.00096 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/04/10 12:0 a.m. | 2 views

Quarkus OpenAPI Generator path traversal vulnerability

Quarkus OpenAPI Generator is an open-source code generation tool based on the OpenAPI specification, developed by Quarkiverse Hub. Versions of Quarkus OpenAPI Generator prior to 2.16.0 and 2.15.0-lts contained a path traversal vulnerability. This vulnerability stemmed from the unzip method in...

8.7 CVSS | 5.9 AI score | 0.00096 EPSS
Exploits: 1 | References: 3

Github Security Blog
added 2026/04/08 7:14 p.m. | 4 views

quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class

Summary: A path traversal vulnerability was discovered in the quarkus-openapi-generator extension. Details: The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...

8.7 CVSS | 6.1 AI score | 0.00096 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/04/08 7:14 p.m. | 2 views

GHSA-JX2W-VP7F-456Q quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class

Summary: A path traversal vulnerability was discovered in the quarkus-openapi-generator extension. Details: The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...

6.3 CVSS | 6 AI score | 0.00096 EPSS
Exploits: 1 | References: 5

Snyk
added 2025/11/24 4:24 p.m. | 2 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 3

EUVD
added 2025/11/24 1:39 p.m. | 3 views

EUVD-2025-198778

Malicious code in @seung-ju/openapi-generator npm...

6.6 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/11/24 1:39 p.m. | 6 views

Malicious code in @seung-ju/openapi-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0 | References: 4