13 matches found
EUVD-2024-3462
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in Quarkus-HTTP affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability in Quarkus-HTTP has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-12397 DESCRIPTION: A...
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
io.quarkus:quarkus-vertx-http-deployment (>=2.13.0.CR1 <=3.3.3) potentially affected by CVE-2025-47204 via org.webjars:bootstrap-multiselect (=0.9.15)
org.webjars:bootstrap-multiselect MAVEN version =0.9.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:bootstrap-multiselect and may be impacted: - io.quarkus:quarkus-vertx-http-deployment >=2.13.0.CR1, <=3.3.3 Source cves: CVE-2025-47204...
Linux Distros Unpatched Vulnerability : CVE-2024-12397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an...
Cookie Poisoning
Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
at.meks.quarkiverse.axonframework-extension:quarkus-axon-metrics-deployment (>=0.1.0-RC2 <=0.1.0-quarkus-3.15-RC4), br.com.labbs:quarkus-monitor-deployment (>=0.1.5 <=0.3.0) +453 more potentially affected by CVE-2024-12397 via io.quarkus.http:quarkus-http-core (>=3.0.0.Alpha1 <=5.3.3)
io.quarkus.http:quarkus-http-core MAVEN version =3.0.0.Alpha1, =0.1.0-RC2, =0.1.5, =1.0.4, =1.8.0, =1.6.9, =1.5.0, =1.0.0, =1.1.0, =1.1.0, =1.0.0, =0.0.10, =1.0.0, =24.6.0-alpha2 and more Source cves: CVE-2024-12397 Source advisory: OSV:GHSA-CXRX-Q234-M22M...
CVE-2024-12397
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
CVE-2024-12397
CVE-2024-12397 describes a flaw in Quarkus-HTTP where cookies with certain value-delimiting characters are parsed incorrectly in incoming requests. This can allow an attacker to craft a cookie value to exfiltrate HttpOnly cookies or spoof additional cookie values, impacting data confidentiality a...
PT-2024-17576 · Unknown · Quarkus-Http
Name of the Vulnerable Software and Affected Versions: Quarkus-HTTP (affected versions not specified). Description: A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cook...