CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 42.0%
Quarkus is vulnerable to HTTP request smuggling. The vulnerability exists in the handle function in SmallRyeGraphQLAbstractHandler.java due to incomplete termination of the HTTP request header, which allows an attacker to smuggle HTTP requests by submitting malicious headers.
github.com/advisories/GHSA-mwhw-6p27-4crc
github.com/quarkusio/quarkus/commit/48787dec704466fc9bd53cd2cb134d40c77dc880
github.com/quarkusio/quarkus/commit/f23ca08e47a9731401f1c4472da0e6fe2bc1c413
github.com/quarkusio/quarkus/issues/26748
github.com/quarkusio/quarkus/pull/26777
quarkus.io/blog/quarkus-2-11-3-final-released