190 matches found
com.github.mcollovati:quarkus-hilla-commons-deployment (>=2.4.1 <=2.5.0-alpha2), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.5.0-alpha2) +51 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =3.3.0, =2.4.1, =2.0.0, =2.4.1, =0.32.0, =0.32.0, =0.0.0, =0.5.0, =0.2.0, =0.6.3, =0.1.0, =0.1.0, =0.1.0, =0.7.1 and more Source cves: CVE-2023-5675 So...
Quarkus: security checks in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
CVE-2024-28181
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
CVE-2024-1726
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
PT-2024-5140 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus affected versions not specified Description: The issue is related to a flaw in the RESTEasy Reactive implementation, where security checks for some JAX-RS endpoints are performed after serialization, leading to increased resource...
This Week in Spring - February 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...
ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +710 more potentially affected by CVE-2023-6267 via io.quarkus.resteasy.reactive:resteasy-reactive (>=3.0.0.Final <=3.2.8.Final)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =3.0.0.Final, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.7, =1.21.0, =1.28.0 and more Source cves: CVE-2023-6267 Source advisory: OSV:GHSA-8J3X-W35R-RW4R...
br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +164 more potentially affected by CVE-2023-6267 via io.quarkus.resteasy.reactive:resteasy-reactive (>=1.11.0.Beta1 <=2.13.8.Final)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.0.22, =1.0.22, =1.0.22, =1.0.15, =1.0.17 and more Source cves: CVE-2023-6267 Source advisory: OSV:GHSA-8J3X-W35R-RW4R...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP1 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
Reduce Risk Faster With the Qualys Risk Reduction Recommendation Report
New vulnerabilities are found almost daily. However, most organizations struggle to identify, prioritize, and remediate vulnerabilities efficiently—making their environments vulnerable to risk. Last year, Qualys introduced Qualys VMDR with TruRiskTM, which helps organizations quantify cyber risk ...
Microsoft shares threat intelligence at CYBERWARCON 2023
At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microso...
io.quarkus:quarkus-csrf-reactive-deployment (>=2.13.0.CR1 <=2.16.10.Final) potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=2.13.0.CR1 <=2.16.10.Final)
io.quarkus:quarkus-csrf-reactive MAVEN version =2.13.0.CR1, =2.13.0.CR1, =2.16.10.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
io.quarkiverse.renarde:quarkus-renarde (=3.0.4), io.quarkiverse.renarde:quarkus-renarde-backoffice (=3.0.4) +11 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=3.3.0 <=3.3.2)
io.quarkus:quarkus-csrf-reactive MAVEN version =3.3.0, =3.3.0, =3.3.2 Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
io.quarkiverse.renarde:quarkus-renarde (=3.0.3), io.quarkiverse.renarde:quarkus-renarde-backoffice (=3.0.3) +10 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=3.0.0.Alpha1 <=3.2.5.Final)
io.quarkus:quarkus-csrf-reactive MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.2.12.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
All together now: Spring Boot 3.2, GraalVM native images, Java 21, and virtual threads with Project Loom,
This has been a very long time in coming, but finally we can create GraalVM native images that use Spring Boot via Spring Boot 3.2 and Java 21's virtual threads Project Loom! Why does all this matter? Each of these individual things, Project Loom, and GraalVM native images, offer compelling runti...
Improper Neutralization Of HTTP Headers
Spring HATEOS is vulnerable to Improper Neutralization Of HTTP Headers. The vulnerability is due to not sanitizing or stripping the "Forwarded", "X-Forwarded-Host", "X-Forwarded-Port" or "X-Forwarded-Proto" headers. This can allow an attacker to spoof these headers values thereby bypassing securi...
CVE-2023-34036
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...
Design/Logic Flaw
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...
CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...
CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...