Lucene search
K

54 matches found

Veracode
Veracode
added 2023/12/12 11:53 a.m.30 views

Authorization Bypass

quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to doHandle function in SmallRyeGraphQLOverWebSocketHandler.java file there are no checks to ensure that the user is authenticated or authorized to access the GraphQL endpoint. This allows an attacker to acce...

9.1CVSS6.3AI score0.00814EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2023/12/09 3:30 a.m.8 views

com.github.t1:wunderbar.demo.product (>=2.2.0 <=3.5.1), io.github.chains-project:maven-lockfile-github-action (>=1.0.1 <=5.5.1) +24 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.14.0.CR1 <=3.5.2)

io.quarkus:quarkus-smallrye-graphql-client MAVEN version =2.14.0.CR1, =2.2.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =1.3.0, =1.8.0, =1.8.0, =1.3.0, =1.3.0, =1.7.4, =1.8.0, =1.3.0, =1.3.0, =2.14.1 and more Source cves: CVE-2023-6394https://v...

9.1CVSS7.1AI score0.00814EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/05/12 8:20 p.m.5 views

cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)

io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

6.5CVSS6.5AI score0.00511EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.30 views

K19384335: SmallRye's API vulnerability CVE-2020-1729

Security Advisory Description A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this...

4.4CVSS6.4AI score0.00269EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/26 12:3 a.m.8 views

com.datastax.oss.quarkus:cassandra-quarkus-client (=1.0.0), com.datastax.oss.quarkus:cassandra-quarkus-client-deployment (>=1.0.0 <=1.1.1) +45 more potentially affected by CVE-2021-3914 via io.smallrye:smallrye-health-ui (>=2.2.3 <=3.1.1)

io.smallrye:smallrye-health-ui MAVEN version =2.2.3, =1.0.0, =1.0.4, =0.4.0, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.3.0.Beta1, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.2.1.Final, =1.2.2.Final and more Source cves: CVE-2021-3914 Source advisory: OSV:GHSA-PVC3-WVXR-7CMF...

6.1CVSS6.3AI score0.00442EPSS
Exploits0
OSV
OSV
added 2022/08/26 12:3 a.m.5 views

GHSA-PVC3-WVXR-7CMF SmallRye Health UI Cross-site Scripting vulnerability

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS5.8AI score0.00442EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/08/26 12:3 a.m.20 views

SmallRye Health UI Cross-site Scripting vulnerability

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS6.3AI score0.00442EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/08/25 8:15 p.m.4 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS5.7AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2022/08/25 8:15 p.m.22 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS0.00442EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/25 7:36 p.m.24 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1AI score0.00442EPSS
Exploits0References2
CVE
CVE
added 2022/08/25 7:36 p.m.96 views

CVE-2021-3914

The CVE-2021-3914 issue affects SmallRye Health UI: the health-metrics UI component did not adequately sanitize certain inputs, enabling cross-site scripting. Public references (GHSA and Red Hat advisory) confirm a persistent XSS in the SmallRye health UI endpoint and track a fix in later Red Hat...

6.1CVSS5.9AI score0.00442EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.4 views

PT-2022-10887 · Smallrye · Smallrye

Name of the Vulnerable Software and Affected Versions: smallrye affected versions not specified Description: The smallrye health metrics UI component did not properly sanitize some user inputs, allowing an attacker to conduct cross-site scripting attacks. Recommendations: At the moment, there is ...

6.1CVSS5.9AI score0.00442EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.5 views

SmallRye 跨站脚本漏洞

SmallRye is an open source implementation of MicroProfile Microservices Architecture Optimization Protocol by the Smallrye team. A cross-site scripting vulnerability exists in the smallrye-health-ui component of SmallRye, which stems from not properly cleaning certain user inputs. An attacker can...

6.1CVSS5.8AI score0.00442EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/18 10:56 a.m.5 views

smallrye-health-ui: persistent cross-site scripting in endpoint

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS5.5AI score0.00442EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/04/19 12:0 a.m.5 views

org.wildfly:wildfly-microprofile-metrics-smallrye (>=22.0.0.Beta1 <=23.0.0.Final) potentially affected by CVE-2021-3503 via org.wildfly:wildfly-metrics (>=22.0.0.Beta1 <=23.0.0.Final)

org.wildfly:wildfly-metrics MAVEN version =22.0.0.Beta1, =22.0.0.Beta1, =23.0.0.Final Source cves: CVE-2021-3503 Source advisory: OSV:GHSA-C4R5-XVGW-2942...

4.3CVSS5.8AI score0.01046EPSS
Exploits0
OSV
OSV
added 2022/03/18 5:55 p.m.1 views

GHSA-54FX-GM74-Q676 Permissions bypass in SmallRye

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4CVSS6.7AI score0.00269EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/03/18 5:55 p.m.28 views

Permissions bypass in SmallRye

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4CVSS7AI score0.00269EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/02/21 9:32 a.m.36 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.5CVSS1.1AI score0.00442EPSS
Exploits0References3
OSV
OSV
added 2021/05/28 2:15 p.m.30 views

CVE-2020-1729

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4CVSS7AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2021/05/28 2:15 p.m.35 views

CVE-2020-1729

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4CVSS0.00269EPSS
Exploits0References1
Rows per page
Query Builder