54 matches found
Authorization Bypass
quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to doHandle function in SmallRyeGraphQLOverWebSocketHandler.java file there are no checks to ensure that the user is authenticated or authorized to access the GraphQL endpoint. This allows an attacker to acce...
com.github.t1:wunderbar.demo.product (>=2.2.0 <=3.5.1), io.github.chains-project:maven-lockfile-github-action (>=1.0.1 <=5.5.1) +24 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.14.0.CR1 <=3.5.2)
io.quarkus:quarkus-smallrye-graphql-client MAVEN version =2.14.0.CR1, =2.2.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =1.3.0, =1.8.0, =1.8.0, =1.3.0, =1.3.0, =1.7.4, =1.8.0, =1.3.0, =1.3.0, =2.14.1 and more Source cves: CVE-2023-6394https://v...
cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)
io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...
K19384335: SmallRye's API vulnerability CVE-2020-1729
Security Advisory Description A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this...
com.datastax.oss.quarkus:cassandra-quarkus-client (=1.0.0), com.datastax.oss.quarkus:cassandra-quarkus-client-deployment (>=1.0.0 <=1.1.1) +45 more potentially affected by CVE-2021-3914 via io.smallrye:smallrye-health-ui (>=2.2.3 <=3.1.1)
io.smallrye:smallrye-health-ui MAVEN version =2.2.3, =1.0.0, =1.0.4, =0.4.0, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.3.0.Beta1, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.2.1.Final, =1.2.2.Final and more Source cves: CVE-2021-3914 Source advisory: OSV:GHSA-PVC3-WVXR-7CMF...
GHSA-PVC3-WVXR-7CMF SmallRye Health UI Cross-site Scripting vulnerability
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
SmallRye Health UI Cross-site Scripting vulnerability
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2021-3914
The CVE-2021-3914 issue affects SmallRye Health UI: the health-metrics UI component did not adequately sanitize certain inputs, enabling cross-site scripting. Public references (GHSA and Red Hat advisory) confirm a persistent XSS in the SmallRye health UI endpoint and track a fix in later Red Hat...
PT-2022-10887 · Smallrye · Smallrye
Name of the Vulnerable Software and Affected Versions: smallrye affected versions not specified Description: The smallrye health metrics UI component did not properly sanitize some user inputs, allowing an attacker to conduct cross-site scripting attacks. Recommendations: At the moment, there is ...
SmallRye 跨站脚本漏洞
SmallRye is an open source implementation of MicroProfile Microservices Architecture Optimization Protocol by the Smallrye team. A cross-site scripting vulnerability exists in the smallrye-health-ui component of SmallRye, which stems from not properly cleaning certain user inputs. An attacker can...
smallrye-health-ui: persistent cross-site scripting in endpoint
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
org.wildfly:wildfly-microprofile-metrics-smallrye (>=22.0.0.Beta1 <=23.0.0.Final) potentially affected by CVE-2021-3503 via org.wildfly:wildfly-metrics (>=22.0.0.Beta1 <=23.0.0.Final)
org.wildfly:wildfly-metrics MAVEN version =22.0.0.Beta1, =22.0.0.Beta1, =23.0.0.Final Source cves: CVE-2021-3503 Source advisory: OSV:GHSA-C4R5-XVGW-2942...
GHSA-54FX-GM74-Q676 Permissions bypass in SmallRye
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
Permissions bypass in SmallRye
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2020-1729
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
CVE-2020-1729
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...