Lucene search
K

190 matches found

vulnersOsv
vulnersOsv
added 2024/04/25 6:30 p.m.11 views

com.github.mcollovati:quarkus-hilla-commons-deployment (>=2.4.1 <=2.5.0-alpha2), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.5.0-alpha2) +51 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=3.3.0 <=3.6.8)

io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =3.3.0, =2.4.1, =2.0.0, =2.4.1, =0.32.0, =0.32.0, =0.0.0, =0.5.0, =0.2.0, =0.6.3, =0.1.0, =0.1.0, =0.1.0, =0.7.1 and more Source cves: CVE-2023-5675 So...

6.5CVSS6.5AI score0.00458EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/25 6:30 p.m.25 views

Quarkus: security checks in resteasy reactive may trigger a denial of service

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...

5.3CVSS7.1AI score0.00721EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/03/14 6:15 p.m.31 views

CVE-2024-28181

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

8.1CVSS8.4AI score0.00796EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/02/21 11:2 p.m.23 views

CVE-2024-1726

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...

5.3CVSS5.3AI score0.00721EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-5140 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus affected versions not specified Description: The issue is related to a flaw in the RESTEasy Reactive implementation, where security checks for some JAX-RS endpoints are performed after serialization, leading to increased resource...

5.3CVSS6.7AI score0.00721EPSS
Exploits0References11
Spring Security Advisories
Spring Security Advisories
added 2024/02/13 12:0 a.m.9 views

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/01/25 9:32 p.m.7 views

ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +710 more potentially affected by CVE-2023-6267 via io.quarkus.resteasy.reactive:resteasy-reactive (>=3.0.0.Final <=3.2.8.Final)

io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =3.0.0.Final, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.7, =1.21.0, =1.28.0 and more Source cves: CVE-2023-6267 Source advisory: OSV:GHSA-8J3X-W35R-RW4R...

9.8CVSS7.2AI score0.00719EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/01/25 9:32 p.m.4 views

br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +164 more potentially affected by CVE-2023-6267 via io.quarkus.resteasy.reactive:resteasy-reactive (>=1.11.0.Beta1 <=2.13.8.Final)

io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.0.22, =1.0.22, =1.0.22, =1.0.15, =1.0.17 and more Source cves: CVE-2023-6267 Source advisory: OSV:GHSA-8J3X-W35R-RW4R...

9.8CVSS7.2AI score0.00719EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/01/25 1:51 p.m.41 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP1 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.9AI score0.00719EPSS
Exploits0References5
Qualys Blog
Qualys Blog
added 2024/01/22 4:48 p.m.22 views

Reduce Risk Faster With the Qualys Risk Reduction Recommendation Report

New vulnerabilities are found almost daily. However, most organizations struggle to identify, prioritize, and remediate vulnerabilities efficiently—making their environments vulnerable to risk. Last year, Qualys introduced Qualys VMDR with TruRiskTM, which helps organizations quantify cyber risk ...

7.6AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/11/09 12:0 p.m.29 views

Microsoft shares threat intelligence at CYBERWARCON 2023

At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microso...

7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/09/20 12:30 p.m.7 views

io.quarkus:quarkus-csrf-reactive-deployment (>=2.13.0.CR1 <=2.16.10.Final) potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=2.13.0.CR1 <=2.16.10.Final)

io.quarkus:quarkus-csrf-reactive MAVEN version =2.13.0.CR1, =2.13.0.CR1, =2.16.10.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

8.1CVSS7.2AI score0.01215EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/09/20 12:30 p.m.7 views

io.quarkiverse.renarde:quarkus-renarde (=3.0.4), io.quarkiverse.renarde:quarkus-renarde-backoffice (=3.0.4) +11 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=3.3.0 <=3.3.2)

io.quarkus:quarkus-csrf-reactive MAVEN version =3.3.0, =3.3.0, =3.3.2 Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

8.1CVSS7.2AI score0.01215EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/09/20 12:30 p.m.8 views

io.quarkiverse.renarde:quarkus-renarde (=3.0.3), io.quarkiverse.renarde:quarkus-renarde-backoffice (=3.0.3) +10 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=3.0.0.Alpha1 <=3.2.5.Final)

io.quarkus:quarkus-csrf-reactive MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.2.12.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

8.1CVSS7.2AI score0.01215EPSS
Exploits1
Spring Security Advisories
Spring Security Advisories
added 2023/09/09 12:0 a.m.15 views

All together now: Spring Boot 3.2, GraalVM native images, Java 21, and virtual threads with Project Loom,

This has been a very long time in coming, but finally we can create GraalVM native images that use Spring Boot via Spring Boot 3.2 and Java 21's virtual threads Project Loom! Why does all this matter? Each of these individual things, Project Loom, and GraalVM native images, offer compelling runti...

7.2AI score
Exploits0
Veracode
Veracode
added 2023/07/18 7:16 a.m.27 views

Improper Neutralization Of HTTP Headers

Spring HATEOS is vulnerable to Improper Neutralization Of HTTP Headers. The vulnerability is due to not sanitizing or stripping the "Forwarded", "X-Forwarded-Host", "X-Forwarded-Port" or "X-Forwarded-Proto" headers. This can allow an attacker to spoof these headers values thereby bypassing securi...

5.3CVSS6.8AI score0.00403EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/07/17 11:15 a.m.51 views

CVE-2023-34036

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS0.00403EPSS
Exploits0References1
Prion
Prion
added 2023/07/17 11:15 a.m.16 views

Design/Logic Flaw

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5CVSS5.6AI score0.00403EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/17 10:0 a.m.47 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS5.5AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 10:0 a.m.34 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS6.1AI score0.00403EPSS
Exploits0References3
Rows per page
Query Builder