CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 42.5%

quarkus-vertx-http is vulnerable to an insecure cross-origin resource sharing (CORS) policy. The vulnerability exists because the XMLHttpRequest has no event listeners registered on the object returned by the XMLHttpRequest upload property, allowing an attacker to send malicious GET and POST requests to the CORS filter within a ReadableStream object.
access.redhat.com/security/cve/CVE-2022-4147
bugzilla.redhat.com/show_bug.cgi?id=2148867
github.com/advisories/GHSA-9895-g6x5-xwcp
github.com/quarkusio/quarkus/commit/cc26704d3bed46ed1d5caee90f22894952a07182
github.com/quarkusio/quarkus/commit/e8865318eb5a9b14ffe7bc4dc603db5e3fb8765c
github.com/quarkusio/quarkus/pull/29473
github.com/quarkusio/quarkus/pull/29474
quarkus.io/blog/quarkus-2-14-2-final-released/