4 matches found
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the shared instance used in field injection without a CDI scope. An attacker can manipulate request data, impersonate users, or access sensitive information by exploiting the leakage of...
io.quarkiverse.cxf:quarkus-cxf-integration-test-hc5 (>=2.7.0 <=2.7.0.CR2), io.quarkiverse.renarde:quarkus-renarde (>=3.0.8 <=3.0.9) +64 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.7.0 <=3.7.0.CR1)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.7.0, =2.7.0, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.8, =3.0.9 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
Information Disclosure
resteasy-reactive-common is vulnerable to Information Disclosure. The vulnerability exists because the readFrom function in FileBodyHandler.java creates a temporary file with insecure permissions, which allows a local user to read the temporary file created...
br.com.labbs:quarkus-monitor-reactive (=1.0.4), br.com.labbs:quarkus-monitor-reactive-deployment (=1.0.4) +276 more potentially affected by CVE-2023-0481 via io.quarkus.resteasy.reactive:resteasy-reactive-common (>=1.11.0.Beta1 <=3.0.0.Alpha3)
io.quarkus.resteasy.reactive:resteasy-reactive-common MAVEN version =1.11.0.Beta1, =1.0.2, =1.0.2, =1.0.2, =1.3.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.3.2, =1.0.22, =1.0.22, =1.3.3 and more Source cves: CVE-2023-0481 Source advisory: OSV:GHSA-J75R-VF64-6RRH...