30 matches found
Path Equivalence
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...
io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.
HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...
io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP1)
An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.SP1. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...
io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
CVE-2026-39852
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.8.38 <=1.20.1) +2517 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-vertx-http (>=0.23.0 <=3.20.6)
io.quarkus:quarkus-vertx-http MAVEN version =0.23.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.0.1, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.2, =0.0.5 and more Source cves: CVE-2026-39852 Source advisory: OSV:GHSA-RC95-PCM8-65V9...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.9.38 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.9.38 <=1.20.1) +1591 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-vertx-http (>=3.0.0.Alpha1 <=3.20.6)
io.quarkus:quarkus-vertx-http MAVEN version =3.0.0.Alpha1, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.0.1, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.2, =0.0.1, =0.0.5 and more Source cves: CVE-2026-39852 Source advisory: SNYK:JAVA-IOQUARKUS-16420254...
Incorrect Authorization
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain...
Improper Output Neutralization for Logs
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTTP access logs with long pattern when the logging format is set to a verbos...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.9.38 <=1.26.2), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.9.38 <=1.26.2) +1739 more potentially affected by CVE-2025-11537 via io.quarkus:quarkus-vertx-http (>=3.0.0.Alpha1 <=3.27.1)
io.quarkus:quarkus-vertx-http MAVEN version =3.0.0.Alpha1, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.0.6, =0.0.1, =0.0.6, =0.0.6, =0.0.6, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.5 and more Source cves: CVE-2025-11537 Source advisory: SNYK:JAVA-IOQUARKUS-15265250...
ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +459 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.28.0.CR1 <=3.30.8)
io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.28.0.CR1, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.7, =0.1.9 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-14897052...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=1.21.0 <=1.26.2), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=1.21.0 <=1.26.2) +590 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.21.0.CR1 <=3.27.1)
io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.21.0.CR1, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =0.0.6, =0.0.6, =0.0.6, =0.0.8, =0.1.0-RC15, =0.1.0-RC15, =0.1.0-RC14, =0.1.0-RC25 and mor...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=1.12.0 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=1.12.0 <=1.20.1) +914 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.12.0 <=3.20.4)
io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =0.0.1, =0.0.4, =0.0.1, =0.0.1, =0.0.1, =3.15.3, =3.15.3, =0.2.0.0, =0.4.8.0, =0.7.0.2 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-148970...
io.quarkus/quarkus-vertx: Quarkus potential data leak
A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be...
io.quarkus/quarkus-vertx: Quarkus potential data leak
A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=1.15.0), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.8.38 <=1.15.0) +3074 more potentially affected by CVE-2025-49574 via io.quarkus:quarkus-vertx (>=0.11.0 <=3.15.5)
io.quarkus:quarkus-vertx MAVEN version =0.11.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.1.0-quarkus-3.15-RC2, =0.1.0-quarkus-3.15-RC2, =1.0.4, =1.0.4, =0.0.2-alpha, =0.0.3-alpha, =0.0.10-alpha, =1.3.0-alpha-0 - br.com.senior:seniorx-integration-parameters-api...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.2 release security update
Red Hat Integration Camel K 1.10.2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...