Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Build Of Quarkus Security Vulnerabilities - February 2023

cve
cve

CVE-2022-4492

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

7.5CVSS

7.3AI Score

0.001EPSS

2023-02-23 08:15 PM
82
cve
cve

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

6.1CVSS

6AI Score

0.001EPSS

2023-02-23 08:15 PM
70