35 matches found
GHSA-RC95-PCM8-65V9 Quarkus has Authentication/Authorization bypasses
Quarkus version 3.32.4 is vulnerable to an authorization bypass issue (GHSL-2026-099) in which semicolon-delimited matrix parameters in HTTP request paths can be used to bypass security constraints, potentially allowing unauthorized access to protected resources. Unauthenticated or lower-privileged users can...
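The bug class behind the entry above, shown as an added example: an authorization check evaluated on the raw request target while the router dispatches on a normalised path, so a matrix parameter inserted into a protected prefix hides it from the policy. This is not Quarkus code; the policy table, the route names and the normalisation rules are assumptions made for illustration.

```python
# Added example: the bug class behind the matrix-parameter bypass described above.
# This is not Quarkus code. The policy table, the route names and the matching
# rules below are assumptions made for illustration only.
from urllib.parse import unquote

# Constructed policy: a path prefix and the role it requires (assumed).
POLICY = {
    "/admin": "admin",
    "/api/internal": "admin",
}

def strip_matrix(segment: str) -> str:
    """'users;role=admin' -> 'users'. Matrix parameters ride on a path segment
    after a ';' (RFC 3986 permits ';' inside a segment) and are not part of
    the resource name a router matches on."""
    return segment.split(";", 1)[0]

def normalise(path: str) -> str:
    """Canonical form a router would actually dispatch on: percent-decode
    (assumed to happen before routing), drop matrix parameters, remove empty
    and '.' segments, resolve '..'. Authorisation must be decided on this
    form, not on the raw request target."""
    out: list[str] = []
    for seg in unquote(path).split("/"):
        seg = strip_matrix(seg)
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)

def required_role(path: str):
    """Longest-prefix lookup in POLICY; None means the path is public."""
    best = None
    for prefix, role in POLICY.items():
        if path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, role)
    return best[1] if best else None

def decide_naive(raw_path: str, roles: set) -> tuple:
    """Vulnerable: the policy is evaluated on the raw request target, while
    the router (normalise) dispatches on the canonical path, so the two can
    disagree. Returns (dispatched path, allowed)."""
    needed = required_role(raw_path)
    allowed = needed is None or needed in roles
    return normalise(raw_path), allowed

def decide_hardened(raw_path: str, roles: set) -> tuple:
    """Fixed: evaluate the policy on exactly the path that will be dispatched."""
    target = normalise(raw_path)
    needed = required_role(target)
    return target, needed is None or needed in roles
```

With the naive order, `/admin;x=1/users` requested by an anonymous caller is dispatched to `/admin/users` and allowed; the hardened order refuses it. The normaliser here is deliberately small (matrix parameters, percent-decoding, dot segments); the practical check is that whatever canonicalisation the router applies, the authorization layer applies the same one, including for encoded slashes and case.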
EUVD-2022-15978
Malicious code in bioql PyPI...
EUVD-2023-0730
Malicious code in bioql PyPI...
EUVD-2024-1255
Malicious code in bioql PyPI...
at.meks.quarkiverse.axonframework-extension:quarkus-axon-jpa-eventstore-deployment (>=0.1.0-quarkus-3.15-RC3 <=0.1.0-quarkus-3.15-RC4), br.com.labbs:quarkus-monitor-reactive-deployment (>=3.15.3 <=3.15.4) +179 more potentially affected by CVE-2025-1247 via io.quarkus.resteasy.reactive:resteasy-reactive-common-processor (>=3.0.0.Alpha1 <=3.15.3)
io.quarkus.resteasy.reactive:resteasy-reactive-common-processor MAVEN version =3.0.0.Alpha1, =0.1.0-quarkus-3.15-RC3, =3.15.3, =24.5.0-alpha4, =24.5.0-alpha4, =24.5.0-alpha4, =2.0.0, =0.34.0, =0.34.0, =2.2.0.CR1, =2.2.0.CR1, =2.2.0.CR1, =0.0.1.CR38, =0.1.0...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session: when field injection is used without a CDI scope, a single shared instance serves every request, so per-request data written into its fields can be observed by another request. An attacker can manipulate request data, impersonate users, or access sensitive information by exploiting the leakage of...
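The failure mode above reproduced deterministically, as an added example that is not Quarkus code: a shared handler whose fields receive per-request values, interleaved with a second request, against two shapes that keep per-request data out of shared fields. The handler classes, the Request type and the interleaving are constructed for the example.

```python
# Added example: the "shared instance + per-request field" leak described above.
# Not Quarkus code; the handler classes, the Request type and the interleaving
# below are constructed to show the failure mode deterministically.
import contextvars
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str        # identity resolved for this request (assumed field)
    account_id: str  # a request parameter (assumed field)

class SharedFieldHandler:
    """Vulnerable shape: one instance serves every request and the framework
    stores per-request values in its fields before calling handle(). If
    request B is injected between A's injection and A's handle(), A's
    response is built from B's data."""
    def __init__(self):
        self.user = None
        self.account_id = None

    def inject(self, req: Request) -> None:
        self.user = req.user
        self.account_id = req.account_id

    def handle(self) -> str:
        return f"{self.user} read account {self.account_id}"

class ParameterHandler:
    """Fixed shape 1: per-request values arrive as parameters and never touch
    shared state (the equivalent of a request-scoped instance)."""
    def handle(self, req: Request) -> str:
        return f"{req.user} read account {req.account_id}"

_current = contextvars.ContextVar("current_request")

class ContextVarHandler:
    """Fixed shape 2: the instance stays shared, but the per-request value is
    read from a context owned by the request, not from an instance field."""
    def inject(self, req: Request) -> None:
        _current.set(req)

    def handle(self) -> str:
        req = _current.get()
        return f"{req.user} read account {req.account_id}"

def interleave_shared(a: Request, b: Request) -> list:
    """A injected, then B injected, then A's handle() runs: A sees B's data."""
    h = SharedFieldHandler()
    h.inject(a)
    h.inject(b)
    return [h.handle(), h.handle()]   # [response for A, response for B]

def interleave_parameter(a: Request, b: Request) -> list:
    h = ParameterHandler()
    return [h.handle(a), h.handle(b)]

def interleave_contextvar(a: Request, b: Request) -> list:
    """Same interleaving as interleave_shared, but each request's inject()
    and handle() run inside that request's own Context copy."""
    h = ContextVarHandler()
    ctx_a, ctx_b = contextvars.copy_context(), contextvars.copy_context()
    ctx_a.run(h.inject, a)
    ctx_b.run(h.inject, b)
    return [ctx_a.run(h.handle), ctx_b.run(h.handle)]

def leaked(responses: list, a: Request, b: Request) -> bool:
    """True if the response meant for A exposes B's identity or parameter."""
    return b.user in responses[0] or b.account_id in responses[0]
```

The interleaving is written out explicitly instead of using threads so the result is reproducible; under real concurrency the same ordering occurs nondeterministically, which is why such leaks surface only under load. The check a reviewer wants is simple: any field of a singleton that is written per request is a bug, whatever the injection mechanism.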
cn.sliew:carp-ageiport-server (>=0.0.10 <=0.0.14), com.abavilla:fpi-bot-api (>=1.8.3 <=1.8.5) +231 more potentially affected by CVE-2024-1726 via io.quarkus.resteasy.reactive:resteasy-reactive (>=3.3.0.CR1 <=3.7.3)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =3.3.0.CR1, =0.0.10, =1.8.3, =1.8.3, =1.8.7, =1.8.7, =1.9.7, =1.9.7, =1.10.3, =1.10.3, =1.0.31, =1.0.31, =1.6.3, =1.6.3, =1.5.9, =1.5.9, =1.6.0 and more Source cves: CVE-2024-1726 Source advisory: OSV:GHSA-MV64-86G8-CQQ7...
io.quarkiverse.cxf:quarkus-cxf-integration-test-hc5 (>=2.7.0 <=2.7.0.CR2), io.quarkiverse.renarde:quarkus-renarde (>=3.0.8 <=3.0.9) +64 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.7.0 <=3.7.0.CR1)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.7.0, =2.7.0, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.9 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +786 more potentially affected by CVE-2024-1726 via io.quarkus.resteasy.reactive:resteasy-reactive (>=1.11.0.Beta1 <=3.2.10.Final)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =1.11.0.Beta1, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.7, =1.21.0, =1.28.0 and more Source cves: CVE-2024-1726 Source advisory: OSV:GHSA-MV64-86G8-CQQ7...
Quarkus: security checks in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +237 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=1.11.0.Beta1 <=3.2.0.Final)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.3.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.3.2, =1.0.22, =1.0.22, =1.3.3 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
GHSA-MV64-86G8-CQQ7 Quarkus: security checks in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
cn.sliew:carp-ageiport-server (>=0.0.10 <=0.0.14), com.abavilla:fpi-bot-api (>=1.8.1 <=1.8.5) +190 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.3.0, =0.0.10, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.0.29, =1.0.29, =1.6.1, =1.6.1, =1.5.1, =1.5.1, =1.6.0 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
io.quarkiverse.renarde:quarkus-renarde-backoffice-deployment (>=3.0.8 <=3.0.9), io.quarkiverse.renarde:quarkus-renarde-deployment (>=3.0.8 <=3.0.9) +26 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=3.7.0 <=3.7.0.CR1)
io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =3.7.0, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.7.0, =3.7.0.CR1 - io.quarkus:quarkus-jaxrs-client-reactive-deployment =3.7.0.CR1 - io.quarkus:quarkus-keycloak-admin-client-reactive-deployment =3.7.0.CR1 -...
br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4), com.github.mcollovati:quarkus-hilla-deployment (>=1.0.0 <=2.0.0-alpha1) +44 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=1.11.0.Beta1 <=3.2.0.Final)
io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =1.11.0.Beta1, =1.0.0, =0.8.0, =0.8.0, =1.0.0, =1.0.3, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =1.30.0, =1.1.1.Final, =2.13.0.CR1, =3.2.0.Final and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25...
com.github.mcollovati:quarkus-hilla-commons-deployment (>=2.4.1 <=2.5.0-alpha2), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.5.0-alpha2) +51 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common-deployment (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common-deployment MAVEN version =3.3.0, =2.4.1, =2.0.0, =2.4.1, =0.32.0, =0.32.0, =0.0.0, =0.5.0, =0.2.0, =0.6.3, =0.1.0, =0.1.0, =0.1.0, =0.7.1 and more Source cves: CVE-2023-5675 So...
PT-2024-5140 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified). Description: The issue is related to a flaw in the RESTEasy Reactive implementation, where security checks for some JAX-RS endpoints are performed after serialization, leading to increased resource...
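The ordering problem shared by the three entries above (the endpoint's security check runs only after the request body has been processed), as an added example that is not Quarkus code: a constructed request pipeline with a cost meter, in the vulnerable order and in the fixed order with a body-size limit as a second line of defence. The header-based identity model, the meter and the limit are assumptions for the example.

```python
# Added example: the ordering problem behind the entries above (the endpoint's
# security check runs only after the request body has been processed).
# Not Quarkus code; the pipeline, the cost meter and the header-based
# identity are constructed for the example.
import json

class Rejected(Exception):
    pass

class Unauthorized(Rejected):
    pass

class PayloadTooLarge(Rejected):
    pass

MAX_BODY = 64 * 1024   # assumed limit; a defence that holds even if ordering is wrong elsewhere

def authorize(headers: dict, required_role: str) -> None:
    """Assumed identity model: a role carried in a header. Real frameworks
    resolve an identity object; what matters here is *when* this runs."""
    if headers.get("X-Role") != required_role:
        raise Unauthorized("missing role " + required_role)

def deserialize(body: bytes, meter: dict) -> dict:
    """Parse the JSON body and charge its size to the meter: the work an
    attacker can make the server do grows with this number."""
    meter["bytes_parsed"] += len(body)
    return json.loads(body)

def handle_check_after_parse(headers: dict, body: bytes, meter: dict) -> dict:
    """Vulnerable order: parse first, authorize second. An anonymous caller
    who knows the path makes the server parse the whole body for free."""
    payload = deserialize(body, meter)
    authorize(headers, "admin")
    return payload

def handle_check_before_parse(headers: dict, body: bytes, meter: dict) -> dict:
    """Fixed order: authorize, enforce a size limit, then parse. Unauthorized
    callers cost zero bytes of parsing, and authorized ones are bounded."""
    authorize(headers, "admin")
    if len(body) > MAX_BODY:
        raise PayloadTooLarge(f"{len(body)} > {MAX_BODY}")
    return deserialize(body, meter)

def cost_of_request(handler, headers: dict, pad_size: int) -> int:
    """Send one request whose JSON body carries a pad_size-byte string and
    return how many body bytes the server parsed before finishing or
    rejecting it. The body is constructed here, not captured traffic."""
    body = json.dumps({"pad": "x" * pad_size}).encode()
    meter = {"bytes_parsed": 0}
    try:
        handler(headers, body, meter)
    except Rejected:
        pass
    return meter["bytes_parsed"]
```

With the vulnerable order an anonymous request still costs the server the full parse of whatever body it carries; with the fixed order it costs nothing, and even an authorized request cannot exceed MAX_BODY. When auditing a framework for this class, the question to ask of each endpoint that consumes a body is which filter stage reads the body and which stage evaluates the security annotation, and whether the first can run before the second.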
ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +709 more potentially affected by CVE-2023-6267 via io.quarkus.resteasy.reactive:resteasy-reactive (>=3.0.0.Final <=3.2.8.Final)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =3.0.0.Final, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.7, =1.21.0, =1.28.0 and more Source cves: CVE-2023-6267 Source advisory: OSV:GHSA-8J3X-W35R-RW4R...
br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +164 more potentially affected by CVE-2023-6267 via io.quarkus.resteasy.reactive:resteasy-reactive (>=1.11.0.Beta1 <=2.13.8.Final)
io.quarkus.resteasy.reactive:resteasy-reactive MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.0.22, =1.0.22, =1.0.22, =1.0.15, =1.0.17 and more Source cves: CVE-2023-6267 Source advisory: OSV:GHSA-8J3X-W35R-RW4R...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9.SP1 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...