4 matches found
com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +138 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-oidc (>=3.0.0.Alpha1 <=3.20.6)
Package: io.quarkus:quarkus-oidc (MAVEN)
Version: =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more
Source CVEs: CVE-2026-39852
Source advisory: SNYK:JAVA-IOQUARKUS-16420252...
quarkus-oidc: ID and access tokens leak via the authorization code flow
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...
Insecure Session Cookie Handling
quarkus-oidc is vulnerable to Insecure OIDC Session Cookie Handling. The vulnerability exists because the library does not properly encrypt the OIDC session cookie value by default which leads to the leakage of both ID and access tokens in the authorization code flow when an insecure HTTP protoco...
com.abavilla:fpi-bot-api (>=1.0.2 <=1.1.0), com.abavilla:fpi-bot-api-core (>=1.0.2 <=1.1.0) +72 more potentially affected by CVE-2023-1584 via io.quarkus:quarkus-oidc (>=0.24.0 <=2.13.0.CR1)
Package: io.quarkus:quarkus-oidc (MAVEN)
Version: =0.24.0, =1.0.2, =1.0.2, =1.0.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.0.22, =1.0.22, =1.0.22, =1.0.15, =1.0.15, =1.0.15, =1.0.17 and more
Source CVEs: CVE-2023-1584
Source advisory: OSV:GHSA-6HC9-CF8X-HF83...